Pali[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Pali.zip
Size

23.3MB
MD5

90965134640dd0530ac7b75eca48de1e
SHA1

98d46731868f5c6579d7c8d1ae5b9e7f374c5829
SHA256

a3aaf7667aafc5516cf664fd21911e38d2169a4566e246dbdcb089f06d39ce5f
SHA512

903d02c31e6b2f819ae6cebc995c2cdcfe19ec3563bd6d84cb18cc43a1c08eef967748e33fc7c74005ea17f6f40e9412a86d78f0faa10534ccc785d0049d7681
SSDEEP

393216:o7UDw+uOMqUOeuakdTRamTCET6anrew1d6QGT80NSyFqWi+4tWxTuLqUHPqKx1iZ:o7UJuOIGuETPnQdArye+4GuLqUyq0a16

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Pali/loader_prod.exe

Files

Pali.zip
.zip
Pali/loader.cfg
Pali/loader_prod.exe
.exe windows:6 windows x64 arch:x64

2ad5bba9a7f55df153e18e95c7aa0b7b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetComputerNameA
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

GetActiveWindow

gdi32

DeleteDC

advapi32

OpenProcessToken

shell32

SHGetKnownFolderPath

ole32

CoCreateGuid

oleaut32

VariantClear

ntdll

NtClose

msvcp140

??1_Lockit@std@@QEAA@XZ

shlwapi

PathFindExtensionW

ws2_32

WSAGetLastError

crypt32

CertOpenStore

secur32

InitSecurityInterfaceW

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_47

D3DCompile

imm32

ImmSetCompositionWindow

gdiplus

GdipSaveImageToFile

dnsapi

DnsNameCompare_W

rpcrt4

UuidToStringW

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcmp

api-ms-win-crt-heap-l1-1-0

_callnewh

api-ms-win-crt-string-l1-1-0

wcsnlen

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn

api-ms-win-crt-stdio-l1-1-0

fputc

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-convert-l1-1-0

_itow_s

api-ms-win-crt-filesystem-l1-1-0

_lock_file

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-math-l1-1-0

ldexp

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

🧠_*IT
Size: - Virtual size: 684KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

🧠H#a1
Size: - Virtual size: 630KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

🧠oE7]
Size: - Virtual size: 789KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

🧠q4s$
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

🧠NAGx
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

🧠w&/2
Size: - Virtual size: 17.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

🧠+m1R
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

🧠q3>[
Size: 25.8MB - Virtual size: 25.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

🧠miL-
Size: 1024B - Virtual size: 737B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2ad5bba9a7f55df153e18e95c7aa0b7b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ntdll

msvcp140

shlwapi

ws2_32

crypt32

secur32

d3d11

d3dcompiler_47

imm32

gdiplus

dnsapi

rpcrt4

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

🧠_*IT Size: - Virtual size: 684KB

🧠H#a1 Size: - Virtual size: 630KB

🧠oE7] Size: - Virtual size: 789KB

🧠q4s$ Size: - Virtual size: 24KB

🧠NAGx Size: - Virtual size: 8KB

🧠w&/2 Size: - Virtual size: 17.9MB

🧠+m1R Size: 6KB - Virtual size: 5KB

🧠q3>[ Size: 25.8MB - Virtual size: 25.8MB

🧠miL- Size: 1024B - Virtual size: 737B

🧠_*IT
Size: - Virtual size: 684KB

🧠H#a1
Size: - Virtual size: 630KB

🧠oE7]
Size: - Virtual size: 789KB

🧠q4s$
Size: - Virtual size: 24KB

🧠NAGx
Size: - Virtual size: 8KB

🧠w&/2
Size: - Virtual size: 17.9MB

🧠+m1R
Size: 6KB - Virtual size: 5KB

🧠q3>[
Size: 25.8MB - Virtual size: 25.8MB

🧠miL-
Size: 1024B - Virtual size: 737B