readme[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

readme.zip
Size

19.4MB
MD5

181d0feed40eda5e186fdae1b560efef
SHA1

db0a0fc03f2ab0b946b0d63f3ae5c307f5925263
SHA256

b42f057e86d658a61c518cee1ea307e40e8a79d2025be2101a0569db050aeb9c
SHA512

16abc84e201de7565bb956565e5b268ab82126d05e9e6021831a5ef47a605cf1fe78b1f52a4cd25638b0cdd0f69984c4469ab228f3c25e9d28bd30fa82321b2f
SSDEEP

393216:C4D7oEAGBpwwHLT3nuBXqVsVP7O/AF6YgzMHesmZIwlDsaKWI:z7AypDLzC6VD/5kesIl/KWI

Score

3^/10

pyinstaller

Malware Config

Signatures

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
static1/unpack001/ZSqNvsi0ZjSW.exe	pyinstaller

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ZSqNvsi0ZjSW.exe
unpack001/crack.dll

Files

readme.zip
.zip
ZSqNvsi0ZjSW.exe
.exe windows:5 windows x64 arch:x64

f4f2e2b03fe5666a721620fcea3aea9b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

CreateWindowExW
PostMessageW
GetMessageW
MessageBoxW
MessageBoxA
SystemParametersInfoW
DestroyIcon
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect
InvalidateRect
ReleaseDC
GetDC
DrawTextW
GetDialogBaseUnits
EndDialog
DialogBoxIndirectParamW
MoveWindow
SendMessageW

comctl32

ord380

kernel32

IsValidCodePage
GetStringTypeW
GetFileAttributesExW
HeapReAlloc
FlushFileBuffers
GetCurrentDirectoryW
GetACP
GetOEMCP
GetModuleHandleW
MulDiv
GetLastError
SetDllDirectoryW
CreateFileW
GetFinalPathNameByHandleW
CloseHandle
GetModuleFileNameW
CreateSymbolicLinkW
GetCPInfo
GetCommandLineW
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
FreeLibrary
LoadLibraryExW
SetConsoleCtrlHandler
FindClose
FindFirstFileExW
GetCurrentProcess
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
HeapSize
WriteConsoleW
SetEndOfFile
GetProcAddress
GetSystemTimeAsFileTime
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetCommandLineA
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindNextFileW
SetStdHandle
DeleteFileW
ReadFile
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW

advapi32

OpenProcessToken
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

gdi32

SelectObject
DeleteObject
CreateFontIndirectW

Sections

.text
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lfGAYZ9G5O4q.pyc
crack.dll
.exe windows:6 windows x64 arch:x64

5301a115b797c5c6c6620c6dd7bae667

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

J:\multiloader\bin\Release\inj.pdb

Imports

kernel32

SetPriorityClass
GetCurrentProcess
GetShortPathNameW
TerminateProcess
SetThreadPriority
GetEnvironmentVariableW
OpenProcess
MultiByteToWideChar
GetCurrentThread
lstrcatW
lstrcpyW
DeleteFileW
GetFileAttributesW
FindClose
RtlUnwind
SystemTimeToFileTime
GetSystemTime
ConvertThreadToFiber
ConvertFiberToThread
CreateFiber
DeleteFiber
SwitchToFiber
ReadConsoleA
SetConsoleMode
GetTempPathW
FindNextFileW
FindFirstFileW
GetProcAddress
LoadLibraryA
GetModuleHandleA
RtlAddFunctionTable
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateFileA
WriteConsoleW
HeapSize
SetEndOfFile
SetStdHandle
VirtualAlloc
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
HeapReAlloc
SetConsoleCtrlHandler
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
VirtualProtect
CloseHandle
WideCharToMultiByte
GetUserDefaultLocaleName
CopyFileW
Sleep
SetFilePointerEx
GetFileSizeEx
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapFree
HeapAlloc
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
GetFileType
ReadFile
WriteFile
GetStdHandle
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
SetFileAttributesW
GetModuleFileNameW
GetCommandLineW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetCurrentThreadId
WaitForSingleObjectEx
GetExitCodeThread
FormatMessageA
LocalFree
GetLocaleInfoEx
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
FindFirstFileExW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
AreFileApisANSI
GetLastError
GetModuleHandleW
MoveFileExW
GetFileInformationByHandleEx
QueryPerformanceCounter
QueryPerformanceFrequency
WakeAllConditionVariable
SleepConditionVariableSRW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetSystemTimeAsFileTime
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
VerSetConditionMask
VerifyVersionInfoW
GlobalLock
GlobalUnlock
GlobalAlloc
GlobalFree
GetWindowsDirectoryW
SleepEx
GetSystemDirectoryW
FreeLibrary
LoadLibraryW
GetTickCount
CompareFileTime
GetEnvironmentVariableA
SetLastError
FormatMessageW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InitializeCriticalSectionAndSpinCount
TlsAlloc

user32

CreateWindowExW
SendMessageTimeoutW
GetWindowRect
GetWindowThreadProcessId
SetWindowPos
SetClipboardData
EmptyClipboard
CloseClipboard
GetClipboardData
OpenClipboard
SystemParametersInfoW
ReleaseCapture
MapVirtualKeyW
SetCapture
GetCapture
ShowWindow
ScreenToClient
GetCursorPos
SetCursorPos
ClientToScreen
GetKeyState
GetClientRect
ReleaseDC
GetDC
SetCursor
FindWindowW
LoadImageW
UpdateWindow
GetUserObjectInformationW
GetProcessWindowStation
SetProcessDPIAware
GetDesktopWindow
SetWindowLongW
LoadCursorW
UnregisterClassW
TranslateMessage
DispatchMessageW
PostQuitMessage
PeekMessageW
RegisterClassW
MonitorFromWindow
PostMessageW
DefWindowProcW
MessageBoxA
MessageBoxW
SetLayeredWindowAttributes

shell32

SHChangeNotify
ShellExecuteExW
ShellExecuteA
ShellExecuteW
CommandLineToArgvW

ole32

CoCreateInstance
CoInitialize
CoUninitialize

d3d9

Direct3DCreate9

d3dx9_43

D3DXCreateTextureFromFileInMemoryEx
D3DXMatrixTranspose

crypt32

CertCloseStore
CertGetEnhancedKeyUsage
CertEnumCertificatesInStore
CertFreeCertificateContext
CertOpenSystemStoreW
CertGetIntendedKeyUsage

ws2_32

send
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
closesocket
WSAGetLastError
recv
bind
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSASetLastError
WSAIoctl
inet_pton
WSAStartup
WSACleanup
__WSAFDIsSet
select
accept
htonl
getnameinfo
listen
getaddrinfo
freeaddrinfo
ioctlsocket
gethostname
shutdown

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

gdi32

GetDeviceCaps

advapi32

ReportEventW
DeregisterEventSource
RegCloseKey
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegisterEventSourceW

bcrypt

BCryptGenRandom

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 900KB - Virtual size: 900KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.3MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
readme.txt

Sharing

General

Malware Config

Signatures

Files

f4f2e2b03fe5666a721620fcea3aea9b

Headers

DLL Characteristics

File Characteristics

Imports

user32

comctl32

kernel32

advapi32

gdi32

Sections

.text Size: 172KB - Virtual size: 171KB

.rdata Size: 76KB - Virtual size: 75KB

.data Size: 3KB - Virtual size: 12KB

.pdata Size: 9KB - Virtual size: 8KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 26KB - Virtual size: 25KB

.reloc Size: 2KB - Virtual size: 1KB

5301a115b797c5c6c6620c6dd7bae667

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

ole32

d3d9

d3dx9_43

crypt32

ws2_32

imm32

gdi32

advapi32

bcrypt

Sections

.text Size: 3.3MB - Virtual size: 3.3MB

.rdata Size: 900KB - Virtual size: 900KB

.data Size: 2.3MB - Virtual size: 2.4MB

.pdata Size: 117KB - Virtual size: 117KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 103KB - Virtual size: 102KB

.reloc Size: 29KB - Virtual size: 29KB

.text
Size: 172KB - Virtual size: 171KB

.rdata
Size: 76KB - Virtual size: 75KB

.data
Size: 3KB - Virtual size: 12KB

.pdata
Size: 9KB - Virtual size: 8KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 26KB - Virtual size: 25KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 3.3MB - Virtual size: 3.3MB

.rdata
Size: 900KB - Virtual size: 900KB

.data
Size: 2.3MB - Virtual size: 2.4MB

.pdata
Size: 117KB - Virtual size: 117KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 103KB - Virtual size: 102KB

.reloc
Size: 29KB - Virtual size: 29KB