minty[.]zip | Triage

Resubmissions

26-04-2024 13:43

240426-q1dcmach32 3

26-04-2024 13:41

240426-qzbseacg86 3

Sharing

Copy URL

Twitter E-mail

General

Target

minty.zip
Size

4.0MB
MD5

f302fa32106a1a45b21e7225d7ab340c
SHA1

b454c03ff79c2cdc5b8fafa6f117fced7616a399
SHA256

86f35d944d32b8bf07a8f8e5e7b0a31a7ceb86c41b6729cfc616ca8fbe5c560f
SHA512

00540265743c5da5af8b72e63ca62dde7abd0455c46caa1eb23b7c5347385739743242f5a1b850edaf448815ebaf702aade08941ee4673475c06ee5285ff2d70
SSDEEP

98304:bpDeRjc48Lfrf/Bj/1ACRG9DL6yVJJT1LLMjWbuuRV:bpaT87rBj/Sk2DLhJJTR8WP

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/launcher.exe
unpack001/minty.dll

Files

minty.zip
.zip
launcher.exe
.exe windows:6 windows x64 arch:x64

1a2c70098988f1751c48853bd6137ccd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\EtoShinya\source\repos\M\x64\Release\launcher.pdb

Imports

kernel32

ResumeThread
GetLastError
CloseHandle
CreateProcessA
WriteProcessMemory
RtlAddFunctionTable
Sleep
LoadLibraryA
GetModuleFileNameW
GetProcAddress
VirtualAllocEx
ReadProcessMemory
CreateRemoteThread
VirtualFreeEx
GetExitCodeProcess
LocalFree
FormatMessageA
SetEndOfFile
VirtualProtectEx
GetModuleHandleExW
GetCurrentDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
AreFileApisANSI
GetModuleHandleW
GetFileInformationByHandleEx
MultiByteToWideChar
WideCharToMultiByte
GetLocaleInfoEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
GetFileSizeEx
SetFilePointerEx
GetFileType
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
WaitForSingleObject
CreateProcessW
ReadFile
ReadConsoleW
HeapReAlloc
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
HeapSize
WriteConsoleW
RtlUnwind

comdlg32

GetOpenFileNameA

Sections

.text
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
minty.dll
.dll windows:6 windows x64 arch:x64

5e2f3d8cbc6d8f734c9d682253358c4c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\EtoShinya\source\repos\M\x64\Release\minty.pdb

Imports

d3d11

D3D11CreateDeviceAndSwapChain

kernel32

LockResource
LoadResource
SetConsoleTextAttribute
GetStdHandle
GetModuleHandleA
GetModuleFileNameA
VirtualProtect
GetCurrentProcess
Sleep
GetProcAddress
lstrcmpiW
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
GetLocaleInfoA
LoadLibraryA
QueryPerformanceFrequency
FreeLibrary
QueryPerformanceCounter
LoadLibraryExA
FormatMessageA
SetConsoleMode
GetConsoleMode
CreateThread
AllocConsole
GetCurrentThreadId
QueueUserAPC
GetModuleHandleW
OpenThread
FindResourceA
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualFree
VirtualQuery
SizeofResource
CreateFileW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
InitializeSListHead
LocalFree
GetLocaleInfoEx
MultiByteToWideChar
GetModuleFileNameW
lstrlenW
WaitNamedPipeW
PeekNamedPipe
WriteFile
ReadFile
GetConsoleWindow
ExitProcess
GetTickCount64
GetCurrentThread
SuspendThread
AreFileApisANSI
GetCurrentProcessId
CloseHandle
GetLastError
AcquireSRWLockShared
ReleaseSRWLockShared
SetLastError

user32

LoadCursorA
GetMessageExtraInfo
GetKeyState
FindWindowA
TrackMouseEvent
GetCapture
GetForegroundWindow
SetCapture
SetCursor
GetClientRect
IsWindowUnicode
ClientToScreen
ReleaseCapture
SetCursorPos
ShowWindow
EnumWindows
OpenClipboard
GetClassNameA
CloseClipboard
GetWindowThreadProcessId
EmptyClipboard
GetClipboardData
GetCursorPos
RegisterClassExA
SetWindowLongPtrA
SetClipboardData
CreateWindowExA
ScreenToClient
DefWindowProcA
CallWindowProcA
GetKeyboardLayout

advapi32

RegCloseKey
RegCreateKeyExW
RegSetValueExW

shell32

ShellExecuteA

msvcp140

?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Xlength_error@std@@YAXPEBD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Mtx_unlock
_Mtx_current_owns
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
_Cnd_timedwait
_Cnd_do_broadcast_at_thread_exit
_Xtime_get_ticks
_Cnd_broadcast
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??Bios_base@std@@QEBA_NXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1?$codecvt@_SDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@_SDU_Mbstatet@@@std@@QEAA@_K@Z
?out@?$codecvt@_SDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_S1AEAPEB_SPEAD3AEAPEAD@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
_Query_perf_frequency
_Query_perf_counter
_Strxfrm
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?id@?$collate@D@std@@2V0locale@2@A
_Strcoll
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?id@?$numpunct@D@std@@2V0locale@2@A
?_Xbad_function_call@std@@YAXXZ
?_Winerror_map@std@@YAHH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exceptions@std@@YAHXZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Syserror_map@std@@YAPEBDH@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
_Cnd_init_in_situ

msvcp140_codecvt_ids

?id@?$codecvt@_SDU_Mbstatet@@@std@@2V0locale@2@A

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
NtProtectVirtualMemory
NtQuerySection

imm32

ImmGetContext
ImmReleaseContext
ImmSetCandidateWindow
ImmSetCompositionWindow

d3dcompiler_47

D3DCompile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

strchr
__C_specific_handler
strstr
__intrinsic_setjmp
memmove
memcmp
memchr
__RTDynamicCast
longjmp
strrchr
memcpy
memset
__current_exception
__current_exception_context
__std_terminate
_CxxThrowException
__std_exception_copy
__std_type_info_destroy_list
__std_exception_destroy

api-ms-win-crt-stdio-l1-1-0

fgetpos
setvbuf
ungetc
fsetpos
tmpnam
fread
_get_stream_buffer_pointers
fwrite
__stdio_common_vsprintf_s
__acrt_iob_func
_ftelli64
_popen
tmpfile
__stdio_common_vfprintf
_pclose
clearerr
__stdio_common_vsprintf
fgets
__stdio_common_vswprintf
fgetc
fclose
getc
fopen
ferror
freopen
fflush
fputc
ftell
__stdio_common_vsscanf
_wfopen
fseek
feof
_fseeki64

api-ms-win-crt-heap-l1-1-0

malloc
calloc
free
_callnewh
realloc

api-ms-win-crt-string-l1-1-0

strncmp
tolower
strncpy
isalnum
islower
isblank
isupper
toupper
isspace
strspn
isdigit
isxdigit
strcmp
strpbrk
strcoll
ispunct
iscntrl
isalpha
isgraph

api-ms-win-crt-math-l1-1-0

powf
tan
pow
logf
log10
log
fmodf
fmod
floorf
_dclass
sin
_fdclass
sinf
_ldsign
acos
acosf
asin
_fdsign
atan2
sqrt
atan2f
ceil
frexp
ceilf
_dsign
sqrtf
_ldclass
cos
cosf
exp
ldexp
floor

api-ms-win-crt-convert-l1-1-0

atof
strtod
strtoll
strtoull
strtoul

api-ms-win-crt-filesystem-l1-1-0

remove
rename
_unlock_file
_lock_file

api-ms-win-crt-locale-l1-1-0

localeconv
setlocale
___lc_codepage_func

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e
_configure_narrow_argv
system
_seh_filter_dll
terminate
_initialize_narrow_environment
strerror
_beginthreadex
abort
exit
_errno
_invalid_parameter_noinfo_noreturn
_wassert
_invalid_parameter_noinfo

api-ms-win-crt-utility-l1-1-0

rand
qsort
srand

api-ms-win-crt-time-l1-1-0

_localtime64
strftime
_mktime64
clock
_difftime64
_time64
_gmtime64

api-ms-win-crt-environment-l1-1-0

getenv

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

1a2c70098988f1751c48853bd6137ccd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

comdlg32

Sections

.text Size: 272KB - Virtual size: 272KB

.rdata Size: 86KB - Virtual size: 85KB

.data Size: 6KB - Virtual size: 12KB

.pdata Size: 13KB - Virtual size: 13KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 171KB - Virtual size: 171KB

.reloc Size: 3KB - Virtual size: 2KB

5e2f3d8cbc6d8f734c9d682253358c4c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d11

kernel32

user32

advapi32

shell32

msvcp140

msvcp140_codecvt_ids

ntdll

imm32

d3dcompiler_47

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 1.7MB - Virtual size: 1.7MB

.data Size: 11KB - Virtual size: 261KB

.pdata Size: 55KB - Virtual size: 55KB

.detourc Size: 8KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.rsrc Size: 3.5MB - Virtual size: 3.5MB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 272KB - Virtual size: 272KB

.rdata
Size: 86KB - Virtual size: 85KB

.data
Size: 6KB - Virtual size: 12KB

.pdata
Size: 13KB - Virtual size: 13KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 171KB - Virtual size: 171KB

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 1.7MB - Virtual size: 1.7MB

.data
Size: 11KB - Virtual size: 261KB

.pdata
Size: 55KB - Virtual size: 55KB

.detourc
Size: 8KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.rsrc
Size: 3.5MB - Virtual size: 3.5MB

.reloc
Size: 5KB - Virtual size: 5KB