malware[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

malware.zip
Size

17KB
MD5

a80fcf117e19bf92dfbfe5ab33381677
SHA1

3350bb14a7d43317c0728510eaeb0e47bed27889
SHA256

d8da768448d915f88ed91979ca3dcde9a5eac0a3836308d20502d0953038d935
SHA512

5ccee361f490e0be55ae67407f0daf9562443290aea453827bfe7a2e9c49af5d80adbb1a6cfa85e83a7c37ebedff8d63f0f2a97e3d2271cdf66a3ccbe3150141
SSDEEP

192:uPtLUThgOBD48z1j0MjDAHcnmc4tKCDustv2X8WXc+YOU22h81TlOTHXVH3vnhnE:uPt4WOFttnmflc8WXcl722hoWV/hN1A

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/VCRUNTIME140_1.dll
unpack001/binary-illusions.exe

Files

malware.zip
.zip

Password: parola
VCRUNTIME140_1.dll
.dll windows:6 windows x64 arch:x64

Password: parola

408bc6a96356ddd9f557177d321af5d9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\adrik\source\repos\WMI_DLL\x64\Release\WMI_DLL.pdb

Imports

kernel32

CreateThread
CloseHandle
LoadLibraryExW
GetSystemDirectoryW
GetProcAddress
FreeLibrary
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
RtlCaptureContext

msvcp140

??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?good@ios_base@std@@QEBA_NXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?uncaught_exception@std@@YA_NXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xlength_error@std@@YAXPEBD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcpy
memset
memmove
__std_terminate
__std_exception_copy
__std_exception_destroy
__C_specific_handler
_CxxThrowException
__std_type_info_destroy_list

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_execute_onexit_table
_initterm_e
_cexit
_initterm
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

api-ms-win-crt-string-l1-1-0

strcpy_s

Exports

Exports

__CxxFrameHandler4
__NLG_Dispatch2
__NLG_Return2

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
binary-illusions.exe
.exe windows:6 windows x64 arch:x64

Password: parola

2bfd000925053c6b47a8fa64d50de6cb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ole32

CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoUninitialize

oleaut32

VariantClear
SysAllocString
SysFreeString

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_CxxThrowException
memset
__C_specific_handler
__std_exception_copy
memcpy
__std_exception_destroy
__current_exception
__std_terminate
__current_exception_context

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free
malloc
_callnewh

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_seh_filter_exe
terminate
_register_onexit_function
_initialize_onexit_table
_configure_narrow_argv
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
__p___argc
_initialize_narrow_environment
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

kernel32

MultiByteToWideChar
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
RtlLookupFunctionEntry
GetLastError
RtlCaptureContext
LocalFree
RtlVirtualUnwind

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: parola

Password: parola

408bc6a96356ddd9f557177d321af5d9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 1024B - Virtual size: 864B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 512B - Virtual size: 132B

Password: parola

2bfd000925053c6b47a8fa64d50de6cb

Headers

DLL Characteristics

File Characteristics

Imports

ole32

oleaut32

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

kernel32

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 624B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 96B

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 1024B - Virtual size: 864B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 512B - Virtual size: 132B

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 624B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 96B