Static task
static1
Behavioral task
behavioral1
Sample
179a1e52c92e2ceac4acb71be5ff6ed02b7655d514a15837c0836e44bbbc0be3.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
179a1e52c92e2ceac4acb71be5ff6ed02b7655d514a15837c0836e44bbbc0be3.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
975065adddb175da1d950bdcfe654ef000f012e8812948d412083da9812da376.exe
Resource
win7-20240215-en
General
-
Target
pathfinders_16584726268.zip
-
Size
5.2MB
-
MD5
9f4cce0656cfd8fc8e31968345570bf2
-
SHA1
06dd49b543494d3d9eda82c3c803581a6a2cfe8c
-
SHA256
5fadf8167fa10ccceb0744518ef29616091aded8492e30376d999e3a27275f13
-
SHA512
659d27391e1dc173ec43ca1d9f8ab091a6f6215c5263f7802d3843dcf5c6a7ef2df8bf461b0bdb9cf3d49b9ae24464e47f6ee1ddd3e593a5aaa6b26b3727de35
-
SSDEEP
98304:F3gF0EfYffGHfQgL6Ei5yZjOqZTWfOpi//pe7RlR3rUyB/53cJ4tuY:F+0oYmHfHdD3CQu/pofrNBR3cJ4tuY
Malware Config
Signatures
-
Unsigned PE 2 IoCs
Checks for a missing Authenticode signature.
resource unpack001/179a1e52c92e2ceac4acb71be5ff6ed02b7655d514a15837c0836e44bbbc0be3 unpack001/975065adddb175da1d950bdcfe654ef000f012e8812948d412083da9812da376
Files
-
pathfinders_16584726268.zip.zip
Password: infected
-
179a1e52c92e2ceac4acb71be5ff6ed02b7655d514a15837c0836e44bbbc0be3.exe windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
.text Size: 3.7MB - Virtual size: 3.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 82KB - Virtual size: 82KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 34KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
975065adddb175da1d950bdcfe654ef000f012e8812948d412083da9812da376.exe windows:6 windows x64 arch:x64
3fcc5d8fb8b1ed10eef56e95773c62f3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ntdll
NtDeviceIoControlFile
NtCreateFile
RtlLookupFunctionEntry
RtlCaptureContext
RtlNtStatusToDosError
NtCancelIoFileEx
RtlUnwindEx
RtlPcToFileHeader
RtlVirtualUnwind
kernel32
GetStdHandle
GetConsoleMode
WriteConsoleW
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetCurrentProcess
ReleaseMutex
GetEnvironmentVariableW
GetModuleHandleW
FormatMessageW
GetTempPathW
SetFilePointerEx
GetFileInformationByHandleEx
GetFullPathNameW
FlushFileBuffers
FindNextFileW
CreateDirectoryW
FindFirstFileW
SleepConditionVariableSRW
WakeConditionVariable
ReleaseSRWLockExclusive
SetFileCompletionNotificationModes
CreateIoCompletionPort
SetHandleInformation
TryAcquireSRWLockExclusive
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
GetCurrentProcessId
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
GetCurrentThread
GetProcAddress
WaitForMultipleObjects
GetOverlappedResult
CreateEventW
CancelIo
ReadFile
GetModuleHandleA
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
GetCurrentDirectoryW
AcquireSRWLockShared
ReleaseSRWLockShared
LoadLibraryExW
CopyFileExW
PostQueuedCompletionStatus
GetFinalPathNameByHandleW
SetLastError
GetQueuedCompletionStatusEx
WakeAllConditionVariable
GetSystemInfo
SwitchToThread
CreateFileW
SetFileInformationByHandle
GetModuleFileNameW
HeapReAlloc
GetProcessHeap
HeapAlloc
Sleep
GetExitCodeProcess
GetTickCount
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
WideCharToMultiByte
FreeLibrary
SystemTimeToFileTime
GetFileSize
LockFileEx
LocalFree
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
DeleteFileA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
MultiByteToWideChar
HeapSize
HeapValidate
UnmapViewOfFile
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
WaitForSingleObject
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetFileInformationByHandle
TerminateProcess
SetThreadStackGuarantee
AddVectoredExceptionHandler
CloseHandle
FindClose
ExitProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetLastError
AcquireSRWLockExclusive
HeapFree
EncodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
DeleteFileW
ws2_32
ioctlsocket
WSASocketW
getsockname
getpeername
setsockopt
WSAIoctl
socket
getaddrinfo
freeaddrinfo
WSAStartup
WSACleanup
WSAGetLastError
accept
closesocket
listen
bind
select
getsockopt
recv
send
WSASend
connect
shutdown
oleaut32
SafeArrayDestroy
VariantClear
SafeArrayAccessData
SafeArrayGetUBound
SysAllocStringLen
SafeArrayUnaccessData
SysFreeString
SafeArrayGetLBound
crypt32
CertDuplicateCertificateContext
CertDuplicateStore
CryptUnprotectData
CertFreeCertificateChain
CertDuplicateCertificateChain
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertCloseStore
CertFreeCertificateContext
CertVerifyCertificateChainPolicy
CertOpenStore
CertGetCertificateChain
rstrtmgr
RmStartSession
RmRegisterResources
RmGetList
user32
GetMonitorInfoW
EnumDisplaySettingsExW
EnumDisplayMonitors
bcrypt
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptGenRandom
advapi32
AllocateAndInitializeSid
RegQueryValueExW
RegOpenKeyExW
SystemFunction036
FreeSid
CheckTokenMembership
RegCloseKey
secur32
DecryptMessage
ApplyControlToken
EncryptMessage
DeleteSecurityContext
FreeCredentialsHandle
AcquireCredentialsHandleA
QueryContextAttributesW
InitializeSecurityContextW
AcceptSecurityContext
FreeContextBuffer
gdi32
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
SetStretchBltMode
StretchBlt
GetDIBits
GetObjectW
DeleteObject
DeleteDC
CreateDCW
GetDeviceCaps
ole32
CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket
CoInitializeEx
api-ms-win-crt-math-l1-1-0
exp2f
_dclass
log
roundf
pow
ceil
__setusermatherr
powf
truncf
api-ms-win-crt-string-l1-1-0
wcsncmp
strlen
strncmp
strcpy_s
strcmp
strcspn
api-ms-win-crt-heap-l1-1-0
malloc
_msize
free
realloc
calloc
_set_new_mode
api-ms-win-crt-utility-l1-1-0
_rotl64
qsort
api-ms-win-crt-time-l1-1-0
_localtime64_s
api-ms-win-crt-runtime-l1-1-0
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_seh_filter_exe
_initterm_e
_endthreadex
_register_onexit_function
abort
_beginthreadex
exit
_exit
_crt_atexit
__p___argc
_initialize_onexit_table
__p___argv
_initterm
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
terminate
_set_app_type
api-ms-win-crt-stdio-l1-1-0
__p__commode
_set_fmode
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 3.7MB - Virtual size: 3.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 82KB - Virtual size: 82KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 500B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 34KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ