DeathNote[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

DeathNote.zip
Size

5.8MB
MD5

9c5955a80f5c7c138a1f1de286c8eb12
SHA1

00972ae71a3c4254ac72819f55376337fc9edbd0
SHA256

2b636b42e8e82fb1f0a309c59766e501f468d7b4d99eb4ea7c1e5461ef6e53fe
SHA512

f289416957df66c230860dc46018e01d887cae4f8909d633ea241355241ffeaad9a790736073bae7ef011c6fe9f1e9f4888b4ce9f143c0433e8f6575fe18bae3
SSDEEP

98304:S7A1x/Hx6twhOISfb7knxZmWdrJmwVnGU51GqZ/I51evl/bGooDcI:R1xpKgv+knFXV35oqGPeVSfDcI

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/DeathNote.exe
unpack001/Utility.dll

Files

DeathNote.zip
.zip

Password: novirus
DeathNote.exe
.exe windows:6 windows x86 arch:x86

Password: novirus

4c7c0ba9b45c9a5995b721f0b1496282

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\abdel\source\repos\CybetTalent\Malware\Malware_C2_H\Release\Malware_C2_H.pdb

Imports

utility

Function1_

kernel32

VirtualAllocEx
ReadFile
WriteProcessMemory
HeapFree
GetCurrentProcess
CreateFileW
OpenProcess
CreateToolhelp32Snapshot
GetTickCount64
GetLastError
Process32NextW
CreateFileA
Process32FirstW
CloseHandle
LoadLibraryW
HeapAlloc
GetProcAddress
GetSystemTimeAsFileTime
GetFileSize
ExitProcess
GetProcessHeap
GetModuleHandleW
FreeLibrary
CreateRemoteThread
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead

bcrypt

BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptDestroyKey
BCryptEncrypt
BCryptSetProperty
BCryptExportKey
BCryptCloseAlgorithmProvider
BCryptGenerateSymmetricKey

ws2_32

closesocket
WSACleanup
sendto
WSAGetLastError

vcruntime140

_CxxThrowException
__std_exception_destroy
__std_exception_copy
_except_handler4_common
memset
__current_exception_context
__current_exception
memcpy

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode
__stdio_common_vfprintf
__stdio_common_vfwprintf
__acrt_iob_func

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_seh_filter_exe
_set_app_type
_crt_atexit
_initialize_narrow_environment
_controlfp_s
_initterm
_initterm_e
exit
_initialize_onexit_table
__p___argc
_exit
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_get_initial_narrow_environment
terminate
_configure_narrow_argv
__p___argv

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

malloc
_set_new_mode
_callnewh
free

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Pcap.pcapng
Utility.dll
.dll windows:6 windows x86 arch:x86

Password: novirus

a0a447064a8da71a5ec8ed68ee86aae8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\abdel\source\repos\CybetTalent\Malware\Malware_C2_H\Release\Utility.pdb

Imports

kernel32

LoadLibraryW
GetProcAddress
CheckRemoteDebuggerPresent
GetCurrentProcess
IsDebuggerPresent
ExitProcess
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter

vcruntime140

memset
_except_handler4_common
__std_type_info_destroy_list

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_initterm_e
_initterm
_cexit
_execute_onexit_table
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table

Exports

Exports

Function1_
Function2

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: novirus

Password: novirus

4c7c0ba9b45c9a5995b721f0b1496282

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

utility

kernel32

bcrypt

ws2_32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 5KB - Virtual size: 7KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1024B - Virtual size: 940B

Password: novirus

a0a447064a8da71a5ec8ed68ee86aae8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 512B - Virtual size: 368B

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 5KB - Virtual size: 7KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1024B - Virtual size: 940B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 512B - Virtual size: 368B