Desktop[.]zip | Triage

Resubmissions

15/03/2024, 18:17

240315-ww5tzafe3t 7

15/03/2024, 18:16

240315-wwjxhahe47 7

15/03/2024, 18:01

240315-wl8swafb4z 7

14/03/2024, 16:03

240314-thttfaae76 7

Sharing

Copy URL Twitter E-mail

General

Target

Desktop.zip
Size

19.6MB
MD5

aca53cf4684096d7ca54288e016efa4c
SHA1

1371a80e3e370d9dc6a516ae4e223c8feefda187
SHA256

48777d5a450cac9b5a1d90b3e45a648e5b08266a6290cd102144445e5ff99991
SHA512

3ca8dc7262445eab860b2193610c8c4085478ee1d8f585ebb08bd1a173b8ee01ac83e112ec07564aaca591302e7277af27e85b4648968bedc1c1bf046c488280
SSDEEP

393216:5aKcUAeXtp4T7Qe+r6toktKxB9prb5NYWPUyMX/xYHzIEcwFGZzaBzr8:5tWUn4T0euXNDUZ/hdwFGZCH8

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Smessenger.exe
unpack001/install_messenger.exe

Files

Desktop.zip
.zip

Password: infected
Smessenger.exe
.exe windows:5 windows x86 arch:x86

Password: infected

a0643af2540a238512ecb1f625f02665

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

ReadConsoleA
SetConsoleMode
CreateDirectoryW
SizeofResource
FindFirstFileW
HeapFree
FindNextFileW
GetCurrentProcess
TerminateProcess
InitializeCriticalSectionAndSpinCount
FindClose
WaitForSingleObject
GetVersionExW
OpenFileMappingW
UnmapViewOfFile
HeapSize
MultiByteToWideChar
ProcessIdToSessionId
Sleep
GetLastError
LockResource
HeapReAlloc
CloseHandle
RaiseException
LoadResource
FindResourceW
HeapAlloc
DecodePointer
HeapDestroy
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
CreateProcessW
CopyFileW
WideCharToMultiByte
MapViewOfFile
GetTickCount
CreateFileMappingW
RemoveDirectoryW
GetModuleFileNameW
GetFileAttributesW
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
DeleteFileW
Process32FirstW
LocalFree
GetCurrentDirectoryW
TryEnterCriticalSection
EnterCriticalSection
LeaveCriticalSection
FormatMessageW
GetModuleHandleW
CreateFileW
SetFileAttributesW
GetUserDefaultUILanguage
GetLocaleInfoW
FindResourceExW
GetComputerNameExW
GetComputerNameW
GetTempPathW
LoadLibraryW
CreateThread
GetProcAddress
FreeLibrary
GetTempFileNameW
GetEnvironmentVariableW
GetSystemInfo
VerSetConditionMask
VerifyVersionInfoW
InterlockedDecrement
WaitForMultipleObjects
CreateEventW
GetExitCodeThread
SetEvent
ResetEvent
InterlockedIncrement
LocalAlloc
lstrlenW
OutputDebugStringW
LocalSize
ReadFile
SetLastError
WriteFile
GetCurrentThreadId
GlobalFree
GetLocalTime
GetFileSize
FlushFileBuffers
GetSystemTimeAsFileTime
GetCommandLineW
CreateMutexW
SetDllDirectoryA
GlobalAlloc
SetCurrentDirectoryW
LoadLibraryExW
GetExitCodeProcess
GetStdHandle
ReleaseMutex
IsBadStringPtrW
lstrcmpiW
SetFileTime
SetFilePointer
LocalFileTimeToFileTime
SystemTimeToFileTime
FormatMessageA
CreateFileA
VirtualProtect
VirtualQuery
LoadLibraryExA
GetACP
OutputDebugStringA
GetModuleHandleA
GlobalLock
GlobalUnlock
MulDiv
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
EncodePointer
GetSystemDirectoryW
FreeResource
LoadLibraryA
GlobalDeleteAtom
lstrcmpW
GlobalAddAtomW
GlobalFindAtomW
CompareStringW
GetFullPathNameW
GetVolumeInformationW
LockFile
SetEndOfFile
UnlockFile
DuplicateHandle
GetThreadLocale
SetThreadPriority
GetCurrentThread
lstrcmpA
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
GetSystemDefaultUILanguage
GlobalFlags
GetFileAttributesExW
GetFileSizeEx
GetFileTime
SetErrorMode
GetUserDefaultLCID
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
ConvertThreadToFiber
ConvertFiberToThread
CreateFiber
DeleteFiber
SwitchToFiber
GetSystemTime
WriteConsoleW
SetConsoleCtrlHandler
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
EnumSystemLocalesW
IsValidLocale
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetCurrentDirectoryA
SetCurrentDirectoryA
SetEnvironmentVariableA
HeapQueryInformation
ExitThread
SetStdHandle
GetCommandLineA
ExitProcess
PeekNamedPipe
GetFileType
GetDriveTypeW
RtlUnwind
SetFileCompletionNotificationModes
GetTickCount64
InitOnceExecuteOnce
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
InitializeSRWLock
GetQueuedCompletionStatusEx
CreateIoCompletionPort
GetHandleInformation
MoveFileExW
SetEnvironmentVariableW
GetTimeZoneInformation
GetLongPathNameW
QueueUserWorkItem
GetModuleHandleExW
FindFirstFileExW
SetFilePointerEx
AreFileApisANSI
SwitchToThread
QueryPerformanceFrequency
LCMapStringW
GetStringTypeW
GetCPInfo
CreateTimerQueue
SignalObjectAndWait
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
VirtualAlloc
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx

oleaut32

VariantInit
VariantClear
VariantChangeType
SysAllocString
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SysFreeString
OleCreateFontIndirect
VariantCopy
SafeArrayDestroy
SysAllocStringLen

oledlg

OleUIBusyW

urlmon

URLDownloadToFileW

secur32

LsaGetLogonSessionData
LsaFreeReturnBuffer
LsaEnumerateLogonSessions

sensapi

IsNetworkAlive

bcrypt

BCryptGenRandom

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 956KB - Virtual size: 956KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
install_messenger.exe
.exe windows:5 windows x86 arch:x86

Password: infected

42669f99775f2f541a042cacf40fa06b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\CodeBases\isdev\redist\Language Independent\i386\ISP\setup.pdb

Imports

comctl32

ord17

kernel32

CompareStringW
CompareStringA
GetSystemDefaultLangID
GetUserDefaultLangID
ExpandEnvironmentStringsW
GetCurrentDirectoryW
FileTimeToLocalFileTime
GetFileTime
SetFileAttributesW
HeapAlloc
HeapFree
GetProcessHeap
CopyFileW
GetSystemDefaultUILanguage
GlobalAlloc
LocalFree
MulDiv
GetVersionExW
InterlockedDecrement
InterlockedIncrement
GetTempPathW
CreateFileW
LoadLibraryA
GetSystemDirectoryA
FindResourceW
GlobalUnlock
GlobalLock
IsBadReadPtr
LockResource
LoadResource
MultiByteToWideChar
MoveFileExW
WriteProcessMemory
VirtualProtectEx
GetWindowsDirectoryW
GetSystemDirectoryW
FlushInstructionCache
SetThreadContext
GetThreadContext
ResumeThread
TerminateProcess
ExitProcess
MoveFileW
GetPrivateProfileIntW
LoadLibraryW
lstrcatW
lstrcpynW
lstrcmpiW
LoadLibraryExW
FreeLibrary
FindResourceExW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
VirtualQuery
GetSystemInfo
GetSystemTimeAsFileTime
CreateEventW
CreateMutexW
ReleaseMutex
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
QueryPerformanceFrequency
FreeResource
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcatA
lstrcmpiA
FlushFileBuffers
WriteConsoleW
SetStdHandle
OutputDebugStringW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
SetErrorMode
RaiseException
WriteFile
SetFilePointer
GetFileSize
GetFileAttributesW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
FindFirstFileW
FindClose
CreateDirectoryW
VerLanguageNameW
IsValidLocale
GetLocaleInfoW
WideCharToMultiByte
lstrcpyA
GetTickCount
ExitThread
CreateThread
GetExitCodeProcess
ReadFile
GetCommandLineW
SizeofResource
FormatMessageW
GetCurrentProcess
WaitForSingleObject
SetLastError
GetLastError
DuplicateHandle
RemoveDirectoryW
DeleteFileW
SetCurrentDirectoryW
lstrlenW
lstrcpyW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
CreateProcessW
Sleep
CloseHandle
GlobalFree
ReadConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFileType
HeapReAlloc
GetStdHandle
HeapSize
GetModuleHandleExW
GetStringTypeW
GetCurrentThreadId
GetCPInfo
GetOEMCP
IsValidCodePage
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetACP
IsProcessorFeaturePresent
IsDebuggerPresent
RtlUnwind
FindNextFileW
lstrcmpW
GetCurrentThread
QueryPerformanceCounter
lstrcmpA
SystemTimeToFileTime
ResetEvent
SetEvent
GetDateFormatW
GetTimeFormatW
GetTempFileNameW
CompareFileTime
SetFileTime
OpenProcess
GetProcessTimes
InterlockedExchange
LoadLibraryExA
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
LCMapStringW
GetVersion
GetCurrentProcessId
GetLocalTime
lstrlenA

user32

DialogBoxIndirectParamW
MoveWindow
SendMessageW
WaitForInputIdle
wsprintfW
GetDlgItem
SetDlgItemTextW
EndDialog
SetForegroundWindow
SetWindowTextW
GetWindowRect
MessageBoxW
GetWindowLongW
SetWindowLongW
LoadIconW
TranslateMessage
DispatchMessageW
PeekMessageW
SetActiveWindow
SystemParametersInfoW
GetWindow
FillRect
GetSysColor
MapWindowPoints
RemovePropW
GetPropW
SetPropW
EndPaint
BeginPaint
EnableMenuItem
GetSystemMetrics
SetFocus
ExitWindowsEx
CharUpperW
wsprintfA
CallWindowProcW
CreateWindowExW
DrawIcon
DrawTextW
UpdateWindow
GetWindowDC
InvalidateRect
DrawFocusRect
CopyRect
InflateRect
EnumChildWindows
GetClassNameW
MapDialogRect
RegisterClassExW
GetDlgItemTextW
IntersectRect
MonitorFromPoint
DefWindowProcW
GetMessageW
LoadStringW
LoadImageW
ReleaseDC
GetDC
CreateDialogParamW
GetParent
GetWindowTextW
CharNextW
GetDesktopWindow
GetClientRect
IsWindowEnabled
CreateDialogIndirectParamW
IsWindowVisible
IsDialogMessageW
FindWindowExW
ScreenToClient
EnableWindow
MsgWaitForMultipleObjects
SendDlgItemMessageW
SetWindowPos
ShowWindow
DestroyWindow
IsWindow
PostMessageW

gdi32

SetTextColor
SetBkMode
SetBkColor
SaveDC
RestoreDC
CreateSolidBrush
UnrealizeObject
CreateHalftonePalette
GetDIBColorTable
SelectPalette
SelectObject
RealizePalette
GetSystemPaletteEntries
GetDeviceCaps
DeleteDC
CreatePalette
CreateCompatibleDC
BitBlt
GetObjectW
TranslateCharsetInfo
DeleteObject
CreateFontIndirectW
CreateCompatibleBitmap
CreateDCW
CreatePatternBrush
GetStockObject
GetTextExtentPoint32W
DeleteMetaFile
CreateDIBitmap
CreateBitmap
CreateRectRgn
PatBlt
PlayMetaFile
SelectClipRgn
SetMapMode
SetMetaFileBitsEx
SetPixel
StretchBlt
SetStretchBltMode
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
TextOutW

advapi32

RegEnumValueW
RegQueryValueExW
SetEntriesInAclW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CreateWellKnownSid
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyW
OpenProcessToken
AdjustTokenPrivileges
AllocateAndInitializeSid
FreeSid
LookupPrivilegeValueW
RegEnumKeyW
OpenThreadToken
GetTokenInformation
EqualSid

shell32

ShellExecuteExW
SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoInitializeSecurity
CreateStreamOnHGlobal
CoInitializeEx
CoUninitialize

oleaut32

VarUI4FromStr
VarBstrCmp
VariantChangeType
VarBstrCat
SysAllocString
SysFreeString
SysStringLen
SysAllocStringLen
SysReAllocStringLen
GetErrorInfo
SysStringByteLen
VariantInit
SysAllocStringByteLen
VariantClear

shlwapi

PathFileExistsW

rpcrt4

UuidCreate
RpcStringFreeW
UuidToStringW

gdiplus

GdipFree
GdipDrawImageRectI
GdipSetInterpolationMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateBitmapFromResource
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipGetImageWidth
GdipGetImageHeight
GdipAlloc

Sections

.text
Size: 421KB - Virtual size: 420KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 312KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

a0643af2540a238512ecb1f625f02665

Headers

DLL Characteristics

File Characteristics

Imports

version

kernel32

oleaut32

oledlg

urlmon

secur32

sensapi

bcrypt

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.rdata Size: 956KB - Virtual size: 956KB

.data Size: 52KB - Virtual size: 89KB

.rsrc Size: 49KB - Virtual size: 49KB

.reloc Size: 148KB - Virtual size: 147KB

Password: infected

42669f99775f2f541a042cacf40fa06b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

rpcrt4

gdiplus

Sections

.text Size: 421KB - Virtual size: 420KB

.rdata Size: 99KB - Virtual size: 98KB

.data Size: 9KB - Virtual size: 18KB

.rsrc Size: 312KB - Virtual size: 311KB

.reloc Size: 96KB - Virtual size: 96KB

.text
Size: 2.7MB - Virtual size: 2.7MB

.rdata
Size: 956KB - Virtual size: 956KB

.data
Size: 52KB - Virtual size: 89KB

.rsrc
Size: 49KB - Virtual size: 49KB

.reloc
Size: 148KB - Virtual size: 147KB

.text
Size: 421KB - Virtual size: 420KB

.rdata
Size: 99KB - Virtual size: 98KB

.data
Size: 9KB - Virtual size: 18KB

.rsrc
Size: 312KB - Virtual size: 311KB

.reloc
Size: 96KB - Virtual size: 96KB