14022024_0039_setordinal[.]zip

Resubmissions

05-04-2024 15:25

240405-stqqgsfe7x 10

13-02-2024 16:39

240213-t6fxgsda8t 7

Sharing

Copy URL

Twitter E-mail

General

Target

14022024_0039_setordinal.zip
Size

868KB
MD5

b35348a9fa5f2223ec6064cc49151722
SHA1

e69671994927c9fe7dbc2e11a3ab11794932d3cc
SHA256

d7056dfce17c0f4c51d35bd23eca5eedd591f35a7ca468d5aa1e42e7f08fbef2
SHA512

f59a00eb0cf4b6f564adea796bbeda8e1275ebd20fa1eb909744b3a005e7ff79e349cff7cc9f58ccc6c106a180f1c1125bf66e5af0b3e443cbc6839b804f1591
SSDEEP

24576:YJrISG0ZslcqjT6Jp9gqkrj3n1hnJMipPY:ivGhlJj+7WXH31u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/setordinal.dll

Files

14022024_0039_setordinal.zip
.zip

Password: infected
launcher.bat
setordinal.dll
.dll windows:6 windows x64 arch:x64

Password: infected

2e0fd88af4a33329d879e6814d9e1240

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\windows\temp\bazel-output-base\execroot\__main__\bazel-out\x64_windows-opt\bin\modules\sophtain\sophtlib.pdb

Imports

crypt32

CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore

ws2_32

closesocket
WSASetLastError
send
recv
WSAGetLastError
WSACleanup

kernel32

GetModuleFileNameW
SetEndOfFile
FindClose
MultiByteToWideChar
GetLastError
FileTimeToSystemTime
WideCharToMultiByte
SystemTimeToTzSpecificLocalTime
HeapFree
InitializeCriticalSectionEx
HeapSize
HeapReAlloc
RaiseException
HeapAlloc
DeleteCriticalSection
GetProcessHeap
GetCurrentProcessId
WriteFile
GetCurrentProcess
LoadLibraryA
GetProcAddress
GetModuleHandleW
FreeLibrary
GetStdHandle
GetFileType
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
DeleteFiber
ConvertFiberToThread
GetEnvironmentVariableW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
LoadLibraryW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
CreateEventW
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
OutputDebugStringW
LCMapStringW
CompareStringW
FindNextFileW
GetFullPathNameW
SetLastError
FindFirstFileW
GetFileSize
CloseHandle
CreateFileW
SetFilePointer
ReadFile
GetStringTypeW
GetConsoleOutputCP
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
SetStdHandle
GetCurrentDirectoryW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetTimeZoneInformation
WriteConsoleW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
RtlUnwindEx
InterlockedFlushSList
EncodePointer
LoadLibraryExW
RtlPcToFileHeader
GetModuleHandleExW
ExitProcess
SetConsoleCtrlHandler
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe

user32

MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation

advapi32

RegisterEventSourceW
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
DeregisterEventSource

bcrypt

BCryptGenRandom

Exports

Exports

CreateSophtainArchList
CreateSophtainExtList
bhuf
CreateSophtainer
GetSophtainerSection

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 547KB - Virtual size: 547KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

2e0fd88af4a33329d879e6814d9e1240

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

crypt32

ws2_32

kernel32

user32

advapi32

bcrypt

Exports

Exports

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 547KB - Virtual size: 547KB

.data Size: 10KB - Virtual size: 27KB

.pdata Size: 55KB - Virtual size: 54KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 57KB - Virtual size: 57KB

.reloc Size: 21KB - Virtual size: 20KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 547KB - Virtual size: 547KB

.data
Size: 10KB - Virtual size: 27KB

.pdata
Size: 55KB - Virtual size: 54KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 57KB - Virtual size: 57KB

.reloc
Size: 21KB - Virtual size: 20KB