09042024_0016_08042024_vmss2core[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

09042024_0016_08042024_vmss2core.zip
Size

273KB
MD5

defbbb5a5788d849a0ef29c7b44a49b1
SHA1

d3dff51014ec143a0ddc134078255d521e4ec327
SHA256

092a0fdbe32765847c57d240409c698eda10fd3462b24ccdf4ff5aee8a61a7fe
SHA512

586dd5216b753241bf154c2c13b98e1d75610e1413e2feee2e1dd3bb1605cfd49b48bfdde05eea6dab287d0c9016383a494ad309895d20b6036f49ee863d66fd
SSDEEP

6144:RpiEpcIEw3ChlqxqPw1v8Ff4mJ5J7TMeiaseIpgOlTiWjPnbaLkjt+0fS:T7Ew3Wqxl0FfdB7iaseZsiyaLkj40K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/vmss2core.exe

Files

09042024_0016_08042024_vmss2core.zip
.zip

Password: infected
vmss2core.exe
.exe windows:6 windows x86 arch:x86

Password: infected

dffae2dfd73c581d7dbe773160201f5f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\build\ob\sb-8456865\bora\build\build\vmss2core\release\win32\vmss2core.pdb

Imports

msvcr120

_except_handler4_common
_controlfp_s
_invoke_watson
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
__crtSetUnhandledExceptionFilter
?terminate@@YAXXZ
_except1
_commode
_fmode
__initenv
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_vsnprintf
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
scanf
fgets
fgetc
fflush
isalnum
sprintf
getenv
_fcvt_s
_ecvt_s
_strupr
islower
strncat
tolower
frexp
localeconv
wcrtomb
_wgetenv
isdigit
fputs
_getpid
strcspn
_vacopy
strstr
strtol
strtod
_strtoui64
calloc
_strdup
memchr
_strlwr
realloc
_strnicmp
_wfullpath
wcsncmp
strtok_s
_stricmp
isspace
strrchr
_snprintf
memmove
atoi
strncpy
strchr
memset
memcpy
sscanf
printf
fwrite
fprintf
__iob_func
strncmp
malloc
free
strtoul
bsearch
abort
exit
_errno

kernel32

TlsAlloc
IsBadReadPtr
TlsGetValue
TlsSetValue
OpenThread
GetExitCodeThread
TlsFree
DecodePointer
EncodePointer
IsProcessorFeaturePresent
IsDebuggerPresent
FileTimeToSystemTime
FileTimeToLocalFileTime
GetSystemFirmwareTable
InitializeCriticalSection
GetACP
VirtualQuery
MultiByteToWideChar
LocalFree
GetFileAttributesW
QueryPerformanceFrequency
QueryPerformanceCounter
lstrcmpiA
GetModuleHandleA
GetVersionExA
GetSystemInfo
GetExitCodeProcess
GetSystemTimeAsFileTime
Sleep
WideCharToMultiByte
CreateFileA
GetFileSizeEx
CloseHandle
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
CreateFileW
ReadFile
SetFilePointerEx
WriteFile
GetLastError
SetLastError
GetCurrentProcess
GetCurrentProcessId
GetFileInformationByHandle
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
RemoveDirectoryW
MoveFileExW
OpenProcess
GetModuleHandleW
GetProcAddress
GetCurrentThread
GetVolumeInformationW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCurrentThreadId
GetTickCount
GetTempPathW
GetCompressedFileSizeW
GetComputerNameExW
FreeLibrary
LoadLibraryA
OutputDebugStringA
GetModuleFileNameW
FormatMessageW
LoadLibraryW

user32

MessageBoxW

advapi32

AccessCheck
GetFileSecurityW
ImpersonateSelf
MapGenericMask
RevertToSelf
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
GetNamedSecurityInfoW
GetExplicitEntriesFromAclW
RegCreateKeyExW
OpenThreadToken
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
SetSecurityDescriptorControl
InitializeSecurityDescriptor
InitializeAcl
GetTokenInformation
GetSecurityDescriptorControl
GetLengthSid
FreeSid
EqualSid
AllocateAndInitializeSid
AddAccessAllowedAce
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
GetUserNameW

ole32

CoUninitialize
CoInitialize
CoQueryProxyBlanket
CoSetProxyBlanket
CoCreateInstance
CoTaskMemFree

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear

shell32

SHGetFolderPathW

Sections

.text
Size: 325KB - Virtual size: 324KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 102KB - Virtual size: 260.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 37B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

dffae2dfd73c581d7dbe773160201f5f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcr120

kernel32

user32

advapi32

ole32

oleaut32

shell32

Sections

.text Size: 325KB - Virtual size: 324KB

.rdata Size: 172KB - Virtual size: 171KB

.data Size: 102KB - Virtual size: 260.3MB

.tls Size: 512B - Virtual size: 37B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 24KB - Virtual size: 23KB

.text
Size: 325KB - Virtual size: 324KB

.rdata
Size: 172KB - Virtual size: 171KB

.data
Size: 102KB - Virtual size: 260.3MB

.tls
Size: 512B - Virtual size: 37B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 24KB - Virtual size: 23KB