Malware-1[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Malware-1.zip
Size

601KB
MD5

4f14c71c4ba4e052b5692add0d3ad5c4
SHA1

5b3d6b530921ab3f11bd557b9935e13f9afb4032
SHA256

5e10132999fe626a4ca20e5f9d793b299f8e52b2e6671c42732228de4dd26562
SHA512

9f3e3806b83e9baa3c3ef5f0f416f784efb7b1743a1013effeff6af8db2c074bec39ab579d604f470a1880bb3611697b81294e24126b262f47311f1551f42b49
SSDEEP

12288:vDsRB/i0Ux2oqnNXg2tJazdGXtf0dsnWzXbHSkGqh1xOzk86c:vDsni0OPqK2tJazYXtCkUGXqXxGk8B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/DiskClr_v7.7.dll

Files

Malware-1.zip
.zip
DiskClr_v7.7.dll
.dll windows:6 windows x86 arch:x86

62b7b3399ccd37d157331b0e11114246

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Bamboo\home\xml-data\build-dir\CST-DLIN-SOURCES\bin\Win32\ReleaseMT\antimalware_provider32.pdb

Imports

kernel32

GetModuleFileNameA
GetLocalTime
GetTickCount64
GetCurrentProcessId
FileTimeToSystemTime
GetCurrentProcess
GetProcessTimes
SetFileAttributesW
CreateDirectoryW
GetModuleFileNameW
ExpandEnvironmentStringsW
MultiByteToWideChar
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryW
DeviceIoControl
CreateFileW
DeleteFileW
OutputDebugStringW
GetCurrentThreadId
CloseHandle
GetOverlappedResult
ReadFile
WriteFile
Sleep
WaitNamedPipeW
WaitForSingleObject
CancelIo
GetCommandLineW
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
HeapFree
GetModuleHandleExW
HeapAlloc
GetProcessHeap
GetModuleHandleW
WerRegisterRuntimeExceptionModule
WerUnregisterRuntimeExceptionModule
ReadConsoleW
CreateEventW
ResetEvent
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
WideCharToMultiByte
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
TryEnterCriticalSection
DeleteCriticalSection
FormatMessageA
LocalFree
GetStringTypeW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
GetFinalPathNameByHandleW
SetEndOfFile
SetFilePointerEx
GetFileInformationByHandleEx
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
LCMapStringEx
GetLocaleInfoEx
CompareStringEx
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
RaiseException
InterlockedFlushSList
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
SetStdHandle
GetFileType
ExitProcess
GetFileSizeEx
GetStdHandle
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleOutputCP
GetConsoleMode
FlushFileBuffers
HeapReAlloc
HeapSize

advapi32

RegOpenKeyExW
RegQueryValueExW

ole32

StringFromCLSID
CoTaskMemAlloc
CoTaskMemFree

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Exports

Exports

Cleaner

Sections

.text
Size: 448KB - Virtual size: 448KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 452KB - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RunDLL-1.bat

Sharing

General

Malware Config

Signatures

Files

62b7b3399ccd37d157331b0e11114246

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ole32

version

Exports

Exports

Sections

.text Size: 448KB - Virtual size: 448KB

.rdata Size: 84KB - Virtual size: 84KB

.data Size: 7KB - Virtual size: 11KB

.rsrc Size: 452KB - Virtual size: 452KB

.reloc Size: 17KB - Virtual size: 17KB

.text
Size: 448KB - Virtual size: 448KB

.rdata
Size: 84KB - Virtual size: 84KB

.data
Size: 7KB - Virtual size: 11KB

.rsrc
Size: 452KB - Virtual size: 452KB

.reloc
Size: 17KB - Virtual size: 17KB