minty[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

minty.zip
Size

10.4MB
MD5

11e25c4deeff6290e2ced80005fe012c
SHA1

9381c3614ed0cefaf3c11c7f0bdb97ef548d10da
SHA256

d2fb6a4c483aa3d3387768bf7efc5dba54e643fea3a76e880c526d549b3e2eb4
SHA512

b1eace459fe66c8307cfa231bf42008e62801b3a06ec3d69cc2e890561eeca709a446ad99878d9932e5ffe0e1f1c1635bcd25e82524981238a626b4338b46f8b
SSDEEP

196608:h9TIRrey17+P4K+cy+P44V/s+P44V/s+P44V/s+P44V4jtkBLtbUged+Fv2W9/xL:hNsrCPEc/P5bP5bP5bP5qjTged+rgeJD

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/launcher.exe
unpack001/minty.dll

Files

minty.zip
.zip
launcher.exe
.exe windows:6 windows x64 arch:x64

e3f3700aa4e91a1472ccab22b35581f5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\EtoShinya\source\repos\M\x64\Release\launcher.pdb

Imports

kernel32

WriteProcessMemory
GetModuleHandleExW
GetModuleFileNameW
WaitForSingleObject
ResumeThread
GetExitCodeThread
GetLastError
SetEndOfFile
GetProcAddress
VirtualAllocEx
GetModuleHandleW
CreateRemoteThread
CreateProcessA
VirtualFreeEx
WriteConsoleW
CloseHandle
GetCurrentProcess
GetCurrentDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
AreFileApisANSI
GetFileInformationByHandleEx
MultiByteToWideChar
WideCharToMultiByte
LocalFree
FormatMessageA
GetLocaleInfoEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlUnwind
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
GetFileSizeEx
SetFilePointerEx
GetFileType
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetExitCodeProcess
CreateProcessW
ReadFile
ReadConsoleW
HeapReAlloc
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
HeapSize

comdlg32

GetOpenFileNameA

Sections

.text
Size: 279KB - Virtual size: 278KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
minty.dll
.dll windows:6 windows x64 arch:x64

32db32733ce59cf2385286705a3a0db2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\EtoShinya\source\repos\M\x64\Release\minty.pdb

Imports

d3d11

D3D11CreateDeviceAndSwapChain

kernel32

SizeofResource
FindResourceA
LockResource
LoadResource
AllocConsole
SetConsoleTextAttribute
GetStdHandle
GetModuleFileNameA
GetCurrentProcess
Sleep
CreateFileA
GetProcAddress
lstrcmpiW
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
GetLocaleInfoA
LoadLibraryA
QueryPerformanceFrequency
FreeLibrary
QueryPerformanceCounter
LoadLibraryExA
FormatMessageA
CreateThread
GetCurrentThreadId
QueueUserAPC
GetModuleHandleW
OpenThread
FreeResource
GetCurrentThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualFree
VirtualQuery
SetLastError
AreFileApisANSI
LocalFree
GetModuleFileNameW
lstrlenW
WaitNamedPipeW
GetCurrentProcessId
CloseHandle
GetLastError
CreateFileW
PeekNamedPipe
WriteFile
ReadFile
GetConsoleWindow
ExitProcess
GetLocaleInfoEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
MultiByteToWideChar
VirtualProtect
GetModuleHandleA
InitializeSListHead
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
SuspendThread
GetTickCount64

user32

SetCursor
ShowWindow
SetCapture
CloseClipboard
GetForegroundWindow
GetKeyboardLayout
TrackMouseEvent
ClientToScreen
EmptyClipboard
GetCapture
LoadCursorA
GetMessageExtraInfo
GetKeyState
FindWindowA
IsWindowUnicode
ReleaseCapture
GetClientRect
GetClipboardData
SetClipboardData
ScreenToClient
CallWindowProcA
EnumWindows
SetCursorPos
GetClassNameA
DefWindowProcA
CreateWindowExA
GetWindowThreadProcessId
GetCursorPos
OpenClipboard
RegisterClassExA
SetWindowLongPtrA

advapi32

RegCreateKeyExW
RegCloseKey
RegSetValueExW

shell32

ShellExecuteA

msvcp140

?_Xlength_error@std@@YAXPEBD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Xbad_function_call@std@@YAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
_Mtx_current_owns
_Cnd_init_in_situ
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_timedwait
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Cnd_do_broadcast_at_thread_exit
_Xtime_get_ticks
_Mtx_unlock
_Cnd_broadcast
?_Xout_of_range@std@@YAXPEBD@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Winerror_map@std@@YAHH@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Syserror_map@std@@YAPEBDH@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??Bios_base@std@@QEBA_NXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1?$codecvt@_SDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@_SDU_Mbstatet@@@std@@QEAA@_K@Z
?out@?$codecvt@_SDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_S1AEAPEB_SPEAD3AEAPEAD@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
_Query_perf_frequency
_Query_perf_counter
_Strxfrm
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?id@?$collate@D@std@@2V0locale@2@A
_Strcoll
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Xbad_alloc@std@@YAXXZ
??0_Locinfo@std@@QEAA@PEBD@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exceptions@std@@YAHXZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??1_Locinfo@std@@QEAA@XZ

msvcp140_codecvt_ids

?id@?$codecvt@_SDU_Mbstatet@@@std@@2V0locale@2@A

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
NtProtectVirtualMemory
NtQuerySection

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow
ImmSetCandidateWindow

d3dcompiler_47

D3DCompile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memmove
__std_exception_destroy
memchr
__std_exception_copy
__std_terminate
__C_specific_handler
strchr
strstr
longjmp
strrchr
memcpy
memset
__current_exception
__current_exception_context
__intrinsic_setjmp
_CxxThrowException
__std_type_info_destroy_list
memcmp

api-ms-win-crt-stdio-l1-1-0

fflush
tmpnam
fclose
fgetc
fwrite
__stdio_common_vswprintf
__stdio_common_vfprintf
__stdio_common_vsprintf
fgetpos
setvbuf
__acrt_iob_func
__stdio_common_vsprintf_s
ungetc
_ftelli64
_popen
tmpfile
_get_stream_buffer_pointers
_pclose
clearerr
fgets
_fseeki64
getc
fopen
ferror
freopen
fread
__stdio_common_vsscanf
ftell
fsetpos
fseek
fputc
feof
_wfopen

api-ms-win-crt-heap-l1-1-0

free
_callnewh
realloc
malloc

api-ms-win-crt-convert-l1-1-0

strtoull
atof
strtoul
strtoll
strtod

api-ms-win-crt-filesystem-l1-1-0

rename
_unlock_file
remove
_lock_file

api-ms-win-crt-locale-l1-1-0

localeconv
setlocale
___lc_codepage_func

api-ms-win-crt-runtime-l1-1-0

strerror
system
abort
_invalid_parameter_noinfo_noreturn
terminate
_beginthreadex
exit
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e
_errno
_wassert
_invalid_parameter_noinfo

api-ms-win-crt-time-l1-1-0

_gmtime64
_time64
strftime
_difftime64
clock
_mktime64
_localtime64

api-ms-win-crt-string-l1-1-0

tolower
ispunct
isblank
isspace
islower
isalnum
strncmp
isupper
toupper
isdigit
isxdigit
strpbrk
isgraph
strspn
isalpha
iscntrl
strcmp
strcoll
strncpy

api-ms-win-crt-utility-l1-1-0

qsort
rand
srand

api-ms-win-crt-math-l1-1-0

ldexp
sqrt
sinf
sin
powf
tan
pow
_dclass
acos
acosf
asin
atan2
atan2f
ceil
ceilf
cos
cosf
exp
sqrtf
floor
_dsign
floorf
logf
log10
log
fmodf
fmod
frexp

api-ms-win-crt-environment-l1-1-0

getenv

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10.6MB - Virtual size: 10.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6.6MB - Virtual size: 6.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e3f3700aa4e91a1472ccab22b35581f5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

comdlg32

Sections

.text Size: 279KB - Virtual size: 278KB

.rdata Size: 87KB - Virtual size: 87KB

.data Size: 6KB - Virtual size: 12KB

.pdata Size: 13KB - Virtual size: 13KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 171KB - Virtual size: 171KB

.reloc Size: 3KB - Virtual size: 2KB

32db32733ce59cf2385286705a3a0db2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d11

kernel32

user32

advapi32

shell32

msvcp140

msvcp140_codecvt_ids

ntdll

imm32

d3dcompiler_47

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-environment-l1-1-0

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 10.6MB - Virtual size: 10.6MB

.data Size: 10KB - Virtual size: 252KB

.pdata Size: 50KB - Virtual size: 50KB

.detourc Size: 8KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.rsrc Size: 6.6MB - Virtual size: 6.6MB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 279KB - Virtual size: 278KB

.rdata
Size: 87KB - Virtual size: 87KB

.data
Size: 6KB - Virtual size: 12KB

.pdata
Size: 13KB - Virtual size: 13KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 171KB - Virtual size: 171KB

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 10.6MB - Virtual size: 10.6MB

.data
Size: 10KB - Virtual size: 252KB

.pdata
Size: 50KB - Virtual size: 50KB

.detourc
Size: 8KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.rsrc
Size: 6.6MB - Virtual size: 6.6MB

.reloc
Size: 5KB - Virtual size: 5KB