anna[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

anna.zip
Size

2.1MB
MD5

4bd56b48ec3e81b6f81862a02116956f
SHA1

38308c4b6d994fa6a97e37e743961389045100a5
SHA256

4655e59fcb395d2f35346e4c008d673abc3a9a1da0a1ed83e043269a1c7fa39e
SHA512

5c2b690dca6a68da881ab05f303d9e742e32f5c97c970cc82c373700843d9d5cab7bb760f44914153d4419e9294eb4a316599e09e550e5fc5d8edd29cccad881
SSDEEP

49152:T3107hoocLISCADHjsuU9QTmugbKouctgYOHgIrd5o3:j10tbECsZU+Tmx+ctgYOHgsE3

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/anna-rs.exe
unpack001/anna.exe

Files

anna.zip
.zip
anna-rs.exe
.exe windows:6 windows x64 arch:x64

c996bc178b0a68f27edf6fd1d6c80530

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\content\tauri-ui\copy-external\src-tauri\target\release\deps\anna_rs.pdb

Imports

kernel32

GetUserDefaultUILanguage
lstrlenW
DeleteCriticalSection
RtlUnwindEx
TryAcquireSRWLockExclusive
GetCurrentThreadId
LeaveCriticalSection
ResetEvent
InitializeSListHead
CloseHandle
EnterCriticalSection
RtlVirtualUnwind
IsDebuggerPresent
LCIDToLocaleName
SetUnhandledExceptionFilter
OpenProcess
InitializeCriticalSectionAndSpinCount
VirtualQueryEx
ReadProcessMemory
GetModuleHandleW
GetTempPathW
VirtualProtectEx
GetSystemTimeAsFileTime
TlsSetValue
TlsGetValue
CreateThread
LoadLibraryW
UnhandledExceptionFilter
GetProcAddress
WriteConsoleW
MultiByteToWideChar
GetFullPathNameW
ExitProcess
GetConsoleMode
CreateEventW
GetFinalPathNameByHandleW
LoadLibraryA
FindFirstFileW
CreateDirectoryW
GetFileInformationByHandleEx
CreateFileW
CreateMutexA
WaitForSingleObjectEx
GetFileAttributesW
GetModuleFileNameW
GetLastError
OutputDebugStringA
OutputDebugStringW
RtlPcToFileHeader
RaiseException
LoadLibraryExW
EncodePointer
TlsAlloc
TlsFree
ReleaseSRWLockExclusive
FreeLibrary
GetEnvironmentVariableW
SleepConditionVariableSRW
ReleaseSRWLockShared
GetSystemInfo
WriteProcessMemory
IsProcessorFeaturePresent
AcquireSRWLockShared
HeapReAlloc
QueryPerformanceFrequency
GetProcessHeap
HeapAlloc
HeapFree
SetEvent
WaitForSingleObject
QueryPerformanceCounter
WakeConditionVariable
WakeAllConditionVariable
FormatMessageW
Sleep
GetModuleHandleA
GetFileInformationByHandle
TerminateProcess
ReleaseMutex
FindClose
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
SetEnvironmentVariableW
AcquireSRWLockExclusive
GetCommandLineW
GetCurrentProcessId
GetStdHandle
RtlUnwind

user32

ToUnicodeEx
VkKeyScanW
MapVirtualKeyExW
GetKeyState
GetKeyboardState
IsWindowVisible
AdjustWindowRectEx
GetRawInputData
PeekMessageW
TranslateMessage
DispatchMessageW
ShowCursor
ClipCursor
GetClipCursor
SetWindowLongW
GetSystemMenu
SendMessageW
DestroyIcon
GetWindowRect
SetCursorPos
SetForegroundWindow
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
GetClientRect
EnumDisplayMonitors
SetWindowPos
MapVirtualKeyW
GetMessageW
GetAncestor
GetForegroundWindow
ChangeDisplaySettingsExW
GetDC
PostQuitMessage
SendInput
FlashWindowEx
ShowWindow
TranslateAcceleratorW
AppendMenuW
SystemParametersInfoA
PostThreadMessageW
SetWindowPlacement
ClientToScreen
PostMessageA
InvalidateRgn
GetMessageA
DispatchMessageA
GetActiveWindow
IsIconic
CreateMenu
SetMenuItemInfoW
GetWindowLongPtrW
SetWindowDisplayAffinity
GetMenu
SetMenu
LoadCursorW
CreateAcceleratorTableW
CheckMenuItem
EnableMenuItem
DestroyAcceleratorTable
CreateIcon
SetCapture
SetWindowLongPtrW
MsgWaitForMultipleObjectsEx
RegisterRawInputDevices
GetKeyboardLayout
RegisterClassExW
RegisterWindowMessageA
GetAsyncKeyState
EnumChildWindows
ReleaseCapture
SetCursor
GetCursorPos
FindWindowA
IsProcessDPIAware
GetMonitorInfoW
DestroyWindow
MonitorFromWindow
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
GetWindowLongW
TrackMouseEvent
MonitorFromRect
RedrawWindow
GetUpdateRect
ValidateRect
PostMessageW
MonitorFromPoint
RegisterTouchWindow
GetSystemMetrics
IsWindow
CreateWindowExW
GetWindowPlacement
DefWindowProcW

comctl32

SetWindowSubclass
DefSubclassProc
RemoveWindowSubclass

gdi32

DeleteObject
CreateRectRgn
GetDeviceCaps

dwmapi

DwmEnableBlurBehindWindow

ole32

CoTaskMemFree
CreateStreamOnHGlobal
CoUninitialize
RevokeDragDrop
OleInitialize
CoCreateInstance
RegisterDragDrop
CoInitializeEx
CoTaskMemAlloc

shell32

DragQueryFileW
SHGetKnownFolderPath
DragFinish
SHAppBarMessage
ShellExecuteW

uxtheme

SetWindowTheme

advapi32

RegGetValueW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister
SystemFunction036

bcrypt

BCryptGenRandom

oleaut32

SysFreeString
SysStringLen
SetErrorInfo
GetErrorInfo

ntdll

RtlNtStatusToDosError
NtWriteFile

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameA

api-ms-win-crt-math-l1-1-0

trunc
round
pow
floor
__setusermatherr

api-ms-win-crt-string-l1-1-0

wcslen
strcpy_s
_wcsicmp
wcsncmp
strlen

api-ms-win-crt-convert-l1-1-0

wcstol
_ultow_s

api-ms-win-crt-runtime-l1-1-0

exit
_get_initial_narrow_environment
_initialize_narrow_environment
_initterm_e
_crt_atexit
_exit
_configure_narrow_argv
_set_app_type
__p___argc
_seh_filter_exe
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
abort
_initialize_onexit_table
_register_onexit_function
_initterm
terminate

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh
_set_new_mode
calloc

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
anna.exe
.exe windows:6 windows x64 arch:x64

7083b7331bbaddcc18ae83cb673af43c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Pichau\ideaprojects\anna\target\release\deps\anna.pdb

Imports

advapi32

SystemFunction036

kernel32

OpenProcess
VirtualQueryEx
ReadProcessMemory
CloseHandle
VirtualProtectEx
WriteProcessMemory
LoadLibraryExW
GetLastError
GetProcAddress
FreeLibrary
SetErrorMode
SetThreadErrorMode
ReleaseSRWLockExclusive
ReleaseMutex
ReleaseSRWLockShared
AddVectoredExceptionHandler
SetThreadStackGuarantee
Sleep
AcquireSRWLockExclusive
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentVariableW
GetStdHandle
GetCurrentProcessId
WaitForSingleObject
TryAcquireSRWLockExclusive
QueryPerformanceCounter
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
AcquireSRWLockShared
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetModuleHandleA
GetConsoleMode
GetModuleHandleW
FormatMessageW
MultiByteToWideChar
WriteConsoleW
WideCharToMultiByte
ReadConsoleW
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
InitializeSListHead
GetCurrentThreadId
IsProcessorFeaturePresent

psapi

EnumProcessModules
GetModuleBaseNameA
EnumProcesses

user32

GetAsyncKeyState

bcrypt

BCryptGenRandom

ntdll

RtlNtStatusToDosError
NtReadFile
NtWriteFile

vcruntime140

__current_exception
__C_specific_handler
_CxxThrowException
memset
memcmp
memmove
memcpy
__CxxFrameHandler3
__current_exception_context

api-ms-win-crt-string-l1-1-0

strlen

api-ms-win-crt-runtime-l1-1-0

_initterm_e
exit
_exit
_initterm
__p___argc
__p___argv
_get_initial_narrow_environment
_c_exit
_register_thread_local_exe_atexit_callback
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_exe
_set_app_type
_register_onexit_function
_crt_atexit
terminate
_cexit
_initialize_onexit_table

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free

Sections

.text
Size: 194KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c996bc178b0a68f27edf6fd1d6c80530

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

comctl32

gdi32

dwmapi

ole32

shell32

uxtheme

advapi32

bcrypt

oleaut32

ntdll

psapi

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 3.3MB - Virtual size: 3.3MB

.rdata Size: 1.7MB - Virtual size: 1.7MB

.data Size: 1KB - Virtual size: 5KB

.pdata Size: 166KB - Virtual size: 165KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 38KB - Virtual size: 38KB

.reloc Size: 27KB - Virtual size: 27KB

7083b7331bbaddcc18ae83cb673af43c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

psapi

user32

bcrypt

ntdll

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 194KB - Virtual size: 193KB

.rdata Size: 82KB - Virtual size: 81KB

.data Size: 512B - Virtual size: 856B

.pdata Size: 8KB - Virtual size: 7KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 3.3MB - Virtual size: 3.3MB

.rdata
Size: 1.7MB - Virtual size: 1.7MB

.data
Size: 1KB - Virtual size: 5KB

.pdata
Size: 166KB - Virtual size: 165KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 38KB - Virtual size: 38KB

.reloc
Size: 27KB - Virtual size: 27KB

.text
Size: 194KB - Virtual size: 193KB

.rdata
Size: 82KB - Virtual size: 81KB

.data
Size: 512B - Virtual size: 856B

.pdata
Size: 8KB - Virtual size: 7KB

.reloc
Size: 2KB - Virtual size: 1KB