direct-5-Roexec[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

direct-5-Roexec.zip
Size

515KB
MD5

3b381c0ffce68c39cccc5553f1e2d1ff
SHA1

752e94342225343c625e58c487fd04f931fa9d3f
SHA256

3cb11588696f24328195e8317b38f90c0f23540168c9088a2980c26b7c959541
SHA512

82c3e34c182613b1d5ad1162e2792e849659dfa64c242e2bbad95fa35eb6b7ca1c6d81808245fa2c92d37cb3926560c134b4a499ee7068c4cea212c7e6abeda1
SSDEEP

12288:lcFhirRcuxCk3Fs5ZXotH3AQ7MbRWezpeZYIGc5FW09MsXV:lnRDlVaXgXkVWezpMGjgMq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/compiler.exe

Files

direct-5-Roexec.zip
.zip
Launcher.bat
.bat .vbs
compiler.exe
.exe windows:6 windows x64 arch:x64

f3ff990e590f4e8db83a021dcd6d2046

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

RtlUnwindEx
RaiseException
GetLastError
SetLastError
VirtualFree
VirtualQuery
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObject
Sleep
CreateThread
LoadLibraryExA
FreeLibrary
GetModuleFileNameA
GetModuleHandleExA
FormatMessageA
VirtualAlloc
VirtualProtect
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
WriteConsoleW
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
EncodePointer
RtlPcToFileHeader
GetCommandLineA
GetCommandLineW
SetConsoleCtrlHandler
ExitProcess
GetModuleHandleExW
ReadFile
CloseHandle
DuplicateHandle
CreateProcessW
GetTempPathW
QueryPerformanceFrequency
GetStdHandle
WriteFile
GetModuleFileNameW
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
GetExitCodeProcess
GetFileAttributesExW
CreatePipe
CreateFileW
GetTimeZoneInformation
MultiByteToWideChar
WideCharToMultiByte
DeleteFileW
MoveFileExW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
GetProcessHeap
HeapSize
HeapReAlloc
SetEndOfFile
RtlUnwind

Exports

Exports

__swprintf_l
__vswprintf_l
_fprintf_l
_fprintf_p
_fprintf_p_l
_fprintf_s_l
_fscanf_l
_fscanf_s_l
_fwprintf_l
_fwprintf_p
_fwprintf_p_l
_fwprintf_s_l
_fwscanf_l
_fwscanf_s_l
_printf_l
_printf_p
_printf_p_l
_printf_s_l
_scanf_l
_scanf_s_l
_scprintf
_scprintf_l
_scprintf_p
_scprintf_p_l
_scwprintf
_scwprintf_l
_scwprintf_p
_scwprintf_p_l
_snprintf
_snprintf_c
_snprintf_c_l
_snprintf_l
_snprintf_s
_snprintf_s_l
_snscanf
_snscanf_l
_snscanf_s
_snscanf_s_l
_snwprintf
_snwprintf_l
_snwprintf_s
_snwprintf_s_l
_snwscanf
_snwscanf_l
_snwscanf_s
_snwscanf_s_l
_sprintf_l
_sprintf_p
_sprintf_p_l
_sprintf_s_l
_sscanf_l
_sscanf_s_l
_swprintf
_swprintf_c
_swprintf_c_l
_swprintf_l
_swprintf_p
_swprintf_p_l
_swprintf_s_l
_swscanf_l
_swscanf_s_l
_vfprintf_l
_vfprintf_p
_vfprintf_p_l
_vfprintf_s_l
_vfscanf_l
_vfscanf_s_l
_vfwprintf_l
_vfwprintf_p
_vfwprintf_p_l
_vfwprintf_s_l
_vfwscanf_l
_vfwscanf_s_l
_vprintf_l
_vprintf_p
_vprintf_p_l
_vprintf_s_l
_vscanf_l
_vscanf_s_l
_vscprintf
_vscprintf_l
_vscprintf_p
_vscprintf_p_l
_vscwprintf
_vscwprintf_l
_vscwprintf_p
_vscwprintf_p_l
_vsnprintf
_vsnprintf_c
_vsnprintf_c_l
_vsnprintf_l
_vsnprintf_s
_vsnprintf_s_l
_vsnwprintf
_vsnwprintf_l
_vsnwprintf_s
_vsnwprintf_s_l
_vsnwscanf_l
_vsnwscanf_s_l
_vsprintf_l
_vsprintf_p
_vsprintf_p_l
_vsprintf_s_l
_vsscanf_l
_vsscanf_s_l
_vswprintf
_vswprintf_c
_vswprintf_c_l
_vswprintf_l
_vswprintf_p
_vswprintf_p_l
_vswprintf_s_l
_vswscanf_l
_vswscanf_s_l
_vwprintf_l
_vwprintf_p
_vwprintf_p_l
_vwprintf_s_l
_vwscanf_l
_vwscanf_s_l
_wprintf_l
_wprintf_p
_wprintf_p_l
_wprintf_s_l
_wscanf_l
_wscanf_s_l
fprintf
fprintf_s
fscanf
fscanf_s
fwprintf
fwprintf_s
fwscanf
fwscanf_s
luaJIT_profile_dumpstack
luaJIT_profile_start
luaJIT_profile_stop
luaJIT_setmode
luaJIT_version_2_1_0_beta3
luaL_addlstring
luaL_addstring
luaL_addvalue
luaL_argerror
luaL_buffinit
luaL_callmeta
luaL_checkany
luaL_checkinteger
luaL_checklstring
luaL_checknumber
luaL_checkoption
luaL_checkstack
luaL_checktype
luaL_checkudata
luaL_error
luaL_execresult
luaL_fileresult
luaL_findtable
luaL_getmetafield
luaL_gsub
luaL_loadbuffer
luaL_loadbufferx
luaL_loadfile
luaL_loadfilex
luaL_loadstring
luaL_newmetatable
luaL_newstate
luaL_openlib
luaL_openlibs
luaL_optinteger
luaL_optlstring
luaL_optnumber
luaL_prepbuffer
luaL_pushmodule
luaL_pushresult
luaL_ref
luaL_register
luaL_setfuncs
luaL_setmetatable
luaL_testudata
luaL_traceback
luaL_typerror
luaL_unref
luaL_where
lua_atpanic
lua_call
lua_checkstack
lua_close
lua_concat
lua_copy
lua_cpcall
lua_createtable
lua_dump
lua_equal
lua_error
lua_gc
lua_getallocf
lua_getfenv
lua_getfield
lua_gethook
lua_gethookcount
lua_gethookmask
lua_getinfo
lua_getlocal
lua_getmetatable
lua_getstack
lua_gettable
lua_gettop
lua_getupvalue
lua_insert
lua_iscfunction
lua_isnumber
lua_isstring
lua_isuserdata
lua_isyieldable
lua_lessthan
lua_load
lua_loadx
lua_newstate
lua_newthread
lua_newuserdata
lua_next
lua_objlen
lua_pcall
lua_pushboolean
lua_pushcclosure
lua_pushfstring
lua_pushinteger
lua_pushlightuserdata
lua_pushlstring
lua_pushnil
lua_pushnumber
lua_pushstring
lua_pushthread
lua_pushvalue
lua_pushvfstring
lua_rawequal
lua_rawget
lua_rawgeti
lua_rawset
lua_rawseti
lua_remove
lua_replace
lua_resume
lua_setallocf
lua_setfenv
lua_setfield
lua_sethook
lua_setlocal
lua_setmetatable
lua_settable
lua_settop
lua_setupvalue
lua_status
lua_toboolean
lua_tocfunction
lua_tointeger
lua_tointegerx
lua_tolstring
lua_tonumber
lua_tonumberx
lua_topointer
lua_tothread
lua_touserdata
lua_type
lua_typename
lua_upvalueid
lua_upvaluejoin
lua_version
lua_xmove
lua_yield
luaopen_base
luaopen_bit
luaopen_debug
luaopen_ffi
luaopen_io
luaopen_jit
luaopen_math
luaopen_os
luaopen_package
luaopen_string
luaopen_table
printf
printf_s
scanf
scanf_s
snprintf
sprintf
sprintf_s
sscanf
sscanf_s
swprintf
swprintf_s
swscanf
swscanf_s
vfprintf
vfprintf_s
vfscanf
vfscanf_s
vfwprintf
vfwprintf_s
vfwscanf
vfwscanf_s
vprintf
vprintf_s
vscanf
vscanf_s
vsnprintf
vsnprintf_s
vsprintf
vsprintf_s
vsscanf
vsscanf_s
vswprintf
vswprintf_s
vswscanf
vswscanf_s
vwprintf
vwprintf_s
vwscanf
vwscanf_s
wprintf
wprintf_s
wscanf
wscanf_s

Sections

.text
Size: 669KB - Virtual size: 669KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
config

Sharing

General

Malware Config

Signatures

Files

f3ff990e590f4e8db83a021dcd6d2046

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 669KB - Virtual size: 669KB

.rdata Size: 130KB - Virtual size: 129KB

.data Size: 4KB - Virtual size: 8KB

.pdata Size: 33KB - Virtual size: 33KB

_RDATA Size: 512B - Virtual size: 252B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 669KB - Virtual size: 669KB

.rdata
Size: 130KB - Virtual size: 129KB

.data
Size: 4KB - Virtual size: 8KB

.pdata
Size: 33KB - Virtual size: 33KB

_RDATA
Size: 512B - Virtual size: 252B

.reloc
Size: 3KB - Virtual size: 3KB