3450983405803498545[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

3450983405803498545.zip
Size

115KB
MD5

83bfb0843f59b8b21f0c85e466672d43
SHA1

c543d7c08916da28139dafd41639126ea22a90eb
SHA256

cf729c9698e02e97fedb4e27b2a1df490e5d6f093419d39014aee37750eaee3c
SHA512

eb0933ee01bb818621a3374f98d1bd36b4f0caef8778cf351611f2d8b9d9768a3ba00bd623f25cec837b9784bdb92dc9ca45dc13f738de00adc9cb6f02f172aa
SSDEEP

3072:rvdrneEpojom5Vkfjtft9I9S7yHAEuh3OycZDFqq0NmT:Zr3p65Vqjht9WFe3O5qO

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/duser.dll
unpack001/rekeywiz.exe

Files

3450983405803498545.zip
.zip
duser.dll
.dll windows:6 windows x64 arch:x64

029ed645eb5be1a0a23cb96b56d282c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\admin\source\repos\inject\x64\Release\inject.pdb

Imports

kernel32

CreateFileW
WriteConsoleW
CloseHandle
GetCurrentProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx

user32

MessageBoxW

Exports

Exports

Start

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rekeywiz.exe
.exe windows:10 windows x64 arch:x64

0186b48c4b71fbb2942fa3fe4e920d76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

rekeywiz.pdb

Imports

advapi32

SetUserFileEncryptionKeyEx
AddUsersToEncryptedFileEx
CryptSetProvParam
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

kernel32

CloseHandle
DeleteFileW
LocalFree
GetCurrentDirectoryW
GetLastError
LocalAlloc
SetCurrentDirectoryW
ExpandEnvironmentStringsW
CreateFileW
SetErrorMode
LoadLibraryW
CreateMutexW
GetProcessHeap
HeapSetInformation
FreeLibrary
GetFullPathNameW
GetFileAttributesW
GetModuleHandleW
FindFirstFileW
FindNextFileW
FindClose
LocalReAlloc
GetLogicalDriveStringsW
GetVolumeInformationW
GetDriveTypeW
WriteFile
GetTickCount
GetDateFormatW
CreateThread
FormatMessageW
FileTimeToLocalFileTime
FileTimeToSystemTime

user32

SetDlgItemTextW
GetFocus
IsWindow
SetFocus
GetDlgItemTextW
MessageBoxW
SetWindowLongW
ShowWindow
LoadIconW
GetParent
PostMessageW
SendDlgItemMessageW
LoadCursorW
SendMessageW
GetDlgItem
EnableWindow
MessageBoxExW
SetWindowLongPtrW
LoadStringW
ScreenToClient
GetMessagePos
InvalidateRect
SetCursor
DestroyIcon

msvcrt

_wcsicmp
_vsnwprintf
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
memset
?terminate@@YAXXZ
_commode
_fmode
_acmdln
__C_specific_handler
memcpy
memcmp
_initterm
__setusermatherr
_ismbblead
_cexit
wcscmp

efsadu

EfsUIUtilCheckScardStatus
EfsUIUtilPromptForPinDialog
EfsUIUtilCreateSelfSignedCertificate
EfsUIUtilEnrollEfsCertificateEx

crypt32

CertSetCertificateContextProperty
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertGetNameStringW
CertCloseStore
CertOpenStore

rpcrt4

UuidCreate
UuidToStringW
RpcStringFreeW

api-ms-win-core-com-l1-1-0

CoTaskMemFree

mpr

WNetGetProviderNameW
WNetGetResourceInformationW

dsrole

DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleFileNameW
GetProcAddress

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy

efsutil

EfsUtilCheckCurrentKeyCapabilities
EfsUtilGetSmartcardProviderName
EfsUtilGetCurrentUserInformation
EfsUtilGetCertContextFromCertHash
EfsUtilGetCurrentKey
EfsUtilApplyGroupPolicy

comctl32

PropertySheetW
ord345

comdlg32

CommDlgExtendedError
GetSaveFileNameW

cryptui

CryptUIDlgViewCertificateW
CryptUIDlgSelectCertificateW
CryptUIWizExport

ntdll

RtlAllocateHeap
NtQueryInformationFile
RtlRandomEx
RtlFreeHeap

shell32

ShellExecuteW
SHGetFolderPathW
SHCreateItemFromParsingName

Sections

.text
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

029ed645eb5be1a0a23cb96b56d282c0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 55KB - Virtual size: 54KB

.rdata Size: 38KB - Virtual size: 37KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 4KB - Virtual size: 3KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 1KB

0186b48c4b71fbb2942fa3fe4e920d76

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

msvcrt

efsadu

crypt32

rpcrt4

api-ms-win-core-com-l1-1-0

mpr

dsrole

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-processthreads-l1-1-1

efsutil

comctl32

comdlg32

cryptui

ntdll

shell32

Sections

.text Size: 70KB - Virtual size: 70KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 25KB - Virtual size: 24KB

.reloc Size: 512B - Virtual size: 220B

.text
Size: 55KB - Virtual size: 54KB

.rdata
Size: 38KB - Virtual size: 37KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 4KB - Virtual size: 3KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 70KB - Virtual size: 70KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 25KB - Virtual size: 24KB

.reloc
Size: 512B - Virtual size: 220B