C:\Users\notsu\Coding\rxploit\target\release\deps\rxploit.pdb
Static task: static1
Behavioral task: behavioral1
Sample: Parser/rxploit.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: Parser/rxploit.exe
Resource: win10v2004-20240221-en
General
- Target: Parser.zip
- Size: 2.2MB
- MD5: 1820ac7eb95d2c3525280849a3886e28
- SHA1: 3b6100c9b36ba43d85ec2de51158ae735e5e2ef8
- SHA256: c2e1f1fb6646168c76e3a2025fd5fa254b8090700a3464cc5543483656e73753
- SHA512: 0f6e93d7ce782dfce682f85ecd926045bfc5aab5a40bbef96a753369d94b3121b8e145039a3c8a3da04353f3c9d4285b924de10304c04fd406832e09db9a88bb
- SSDEEP: 49152:Td+/5N6jJg8vbQrTDv/XISwVpwZ6PG4j5d4E5i4Cw+HH3lMyru1/rW9ntcg:IRN6jTCTr/XISwVm6Zho1H3DrudWtcg
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource unpack001/Parser/rxploit.exe
Files
- Parser.zip.zip
- Parser/Dorks.txt
- Parser/results/Checker/2024;01;05_16;28;53/good.txt
- Parser/results/Checker/2024;01;05_16;29;34/good.txt
- Parser/results/Parser/2024;01;05_16;15;58/urls.txt
- Parser/results/Parser/2024;01;05_16;17;45/urls.txt
- Parser/results/Parser/2024;01;05_16;28;19/urls.txt
- Parser/results/Parser/2024;01;05_16;30;47/urls.txt
- Parser/rxploit.exe.exe windows:6 windows x64 arch:x64
  667bd79c56868c29d4ed3c35fca57292
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
FormatMessageW
AcquireSRWLockShared
WaitForSingleObject
CreateEventW
HeapAlloc
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryA
HeapFree
GetProcessHeap
GetCurrentThreadId
InitializeSListHead
SetConsoleTitleA
WriteConsoleW
SetConsoleTextAttribute
SetHandleInformation
GetCurrentProcessId
GetConsoleMode
SetConsoleMode
CreateFileW
GetStdHandle
GetConsoleScreenBufferInfo
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
DuplicateHandle
GetSystemInfo
IsProcessorFeaturePresent
WaitForMultipleObjects
SystemTimeToTzSpecificLocalTime
CreateIoCompletionPort
SystemTimeToFileTime
GetQueuedCompletionStatusEx
TzSpecificLocalTimeToSystemTime
PostQueuedCompletionStatus
ReleaseSRWLockShared
ReadFile
GetOverlappedResult
AcquireSRWLockExclusive
SetFileCompletionNotificationModes
Sleep
GetModuleHandleA
CreateMutexA
WaitForSingleObjectEx
FreeEnvironmentStringsW
DeleteProcThreadAttributeList
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
CreateWaitableTimerExW
SetWaitableTimer
QueryPerformanceCounter
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
TryAcquireSRWLockExclusive
SetFilePointerEx
GetSystemTimeAsFileTime
WriteFileEx
SleepEx
GetExitCodeProcess
QueryPerformanceFrequency
GetCurrentThread
HeapReAlloc
ReleaseMutex
FindClose
GetFileInformationByHandle
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
DeleteFileW
GetFinalPathNameByHandleW
CancelIo
CreateThread
ReadConsoleW
WideCharToMultiByte
GetModuleHandleW
GetModuleFileNameW
ExitProcess
GetFullPathNameW
ReleaseSRWLockExclusive
CreateNamedPipeW
ReadFileEx
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
CloseHandle
MultiByteToWideChar
ole32
CoCreateInstance
CoUninitialize
CoInitializeEx
CoTaskMemFree
shell32
SHCreateItemFromParsingName
oleaut32
SysFreeString
SysStringLen
GetErrorInfo
shlwapi
AssocQueryStringW
secur32
DecryptMessage
AcceptSecurityContext
DeleteSecurityContext
QueryContextAttributesW
AcquireCredentialsHandleA
InitializeSecurityContextW
FreeCredentialsHandle
FreeContextBuffer
ApplyControlToken
EncryptMessage
ws2_32
bind
WSASocketW
getsockname
getpeername
getsockopt
shutdown
recv
ioctlsocket
WSASend
closesocket
setsockopt
WSAIoctl
WSAGetLastError
connect
send
WSAStartup
WSACleanup
freeaddrinfo
getaddrinfo
advapi32
SystemFunction036
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
crypt32
CertDuplicateCertificateContext
CertFreeCertificateContext
CertDuplicateStore
CertCloseStore
CertOpenStore
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertDuplicateCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertGetCertificateChain
ntdll
NtCreateFile
RtlNtStatusToDosError
NtReadFile
NtWriteFile
NtCancelIoFileEx
NtDeviceIoControlFile
bcrypt
BCryptGenRandom
vcruntime140
__current_exception_context
__current_exception
__C_specific_handler
_CxxThrowException
__CxxFrameHandler3
memcmp
memcpy
memmove
memset
api-ms-win-crt-math-l1-1-0
pow
__setusermatherr
api-ms-win-crt-runtime-l1-1-0
_get_initial_narrow_environment
_initterm
_initialize_onexit_table
_initialize_narrow_environment
_set_app_type
__p___argc
_initterm_e
_register_onexit_function
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_configure_narrow_argv
_crt_atexit
_seh_filter_exe
_exit
__p___argv
terminate
exit
api-ms-win-crt-stdio-l1-1-0
_set_fmode
__p__commode
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
api-ms-win-crt-heap-l1-1-0
free
_set_new_mode
Sections
.text Size: 3.2MB - Virtual size: 3.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.9MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 166KB - Virtual size: 165KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 44KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ