Vape 0[.]28[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Vape 0.28.zip
Size

70.0MB
MD5

42469e99efce7d4dcf468597c111fcfe
SHA1

471b333b35497010874fca3eeec5f131a8cc7333
SHA256

05a5f2fe5057a872836abcba88790d5efca6b60d65211a9ee4c2e49866ec2f3e
SHA512

3d956ab0da7b821168f9517c5595517c9cf0d1d355328883c0c2d7f4dfbe268d0f487421abf3f675b6b84f8dacc2df76a9190c4eb51ddd02ef7486716ffb0032
SSDEEP

1572864:kfWICQBdYInj358iXRkwYxlA6Kz1at0oTPW5uGH:MtCWYU358cKw8A6KBoL+uGH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Modpacks/wdGl7.dll

Files

Vape 0.28.zip
.zip

Password: L0k32013
Modpacks/WMv5r.jar
.jar
Modpacks/jre-8u161-windows-x64.exe
.exe windows:5 windows x64 arch:x64

Password: L0k32013

beb0baefb528d4a34facf71eb2d435c0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

12:f0:27:7e:0f:23:3b:39:f9:41:9b:06:e8:cd:e3:52
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

14/04/2015, 00:00

Not After

13/04/2018, 23:59

Subject

CN=Oracle America\, Inc.,OU=Code Signing Bureau,O=Oracle America\, Inc.,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6e:48:a4:ca:a4:c0:f0:d1:fb:93:2c:6c:c8:b5:c3:9d:fa:19:60:52
Signer

Actual PE Digest

6e:48:a4:ca:a4:c0:f0:d1:fb:93:2c:6c:c8:b5:c3:9d:fa:19:60:52

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetCurrentProcess
GetModuleHandleExW
GetSystemDirectoryA
GetModuleFileNameA
GetTempPathA
LocalFree
CreateFileA
MoveFileExA
GetTickCount
GetFileAttributesA
FindFirstFileA
SetLastError
RemoveDirectoryA
SetFileAttributesA
FindClose
FindNextFileA
CloseHandle
DeleteFileA
Sleep
FormatMessageW
GetLocalTime
GetCurrentThreadId
GetCurrentProcessId
FindResourceA
LoadResource
SizeofResource
LockResource
WideCharToMultiByte
MultiByteToWideChar
FreeLibrary
LoadLibraryW
GetStringTypeW
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
GetModuleHandleW
ExitProcess
HeapFree
GetCommandLineA
GetStartupInfoW
GetFileType
WriteFile
GetConsoleCP
GetConsoleMode
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
HeapAlloc
GetModuleHandleA
GetCPInfo
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
GetStdHandle
GetModuleFileNameW
HeapSetInformation
GetVersion
HeapCreate
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetSystemTimeAsFileTime
ReadFile
SetFilePointer
FlushFileBuffers
HeapSize
SetStdHandle
SetEndOfFile
GetProcessHeap
WriteConsoleW
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapReAlloc
CreateFileW
GetProcAddress
GetLastError
CreateDirectoryA
CreateProcessA
SetDllDirectoryA
GetExitCodeProcess
WaitForSingleObject
GetModuleHandleExA
EnterCriticalSection
LCMapStringW

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorA

Sections

.text
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 67.8MB - Virtual size: 67.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Modpacks/wdGl7.dll
.dll windows:6 windows x64 arch:x64

Password: L0k32013

baa93d47220682c04d92f7797d9224ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpy

comctl32

InitCommonControls

Sections

Size: 296KB - Virtual size: 700KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ayoefdte
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xmbjpcxe
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: L0k32013

Password: L0k32013

beb0baefb528d4a34facf71eb2d435c0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

12:f0:27:7e:0f:23:3b:39:f9:41:9b:06:e8:cd:e3:52Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

6e:48:a4:ca:a4:c0:f0:d1:fb:93:2c:6c:c8:b5:c3:9d:fa:19:60:52Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 159KB - Virtual size: 159KB

.rdata Size: 56KB - Virtual size: 56KB

.data Size: 9KB - Virtual size: 19KB

.pdata Size: 8KB - Virtual size: 8KB

.rsrc Size: 67.8MB - Virtual size: 67.8MB

.reloc Size: 11KB - Virtual size: 10KB

Password: L0k32013

baa93d47220682c04d92f7797d9224ce

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

comctl32

Sections

Size: 296KB - Virtual size: 700KB

.rsrc Size: 18KB - Virtual size: 362KB

.idata Size: 512B - Virtual size: 4KB

Size: 512B - Virtual size: 3.8MB

ayoefdte Size: 2.5MB - Virtual size: 2.5MB

xmbjpcxe Size: 512B - Virtual size: 4KB

.pdata Size: 29KB - Virtual size: 32KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

12:f0:27:7e:0f:23:3b:39:f9:41:9b:06:e8:cd:e3:52
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

6e:48:a4:ca:a4:c0:f0:d1:fb:93:2c:6c:c8:b5:c3:9d:fa:19:60:52
Signer

.text
Size: 159KB - Virtual size: 159KB

.rdata
Size: 56KB - Virtual size: 56KB

.data
Size: 9KB - Virtual size: 19KB

.pdata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 67.8MB - Virtual size: 67.8MB

.reloc
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 18KB - Virtual size: 362KB

.idata
Size: 512B - Virtual size: 4KB

ayoefdte
Size: 2.5MB - Virtual size: 2.5MB

xmbjpcxe
Size: 512B - Virtual size: 4KB

.pdata
Size: 29KB - Virtual size: 32KB