krampusdump[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

krampusdump.zip
Size

7.0MB
MD5

c31ac33d748d92308946879a913e81b5
SHA1

5100970f459b4cf7b702df482830fc85270c3af2
SHA256

22f047da7f97d8dd56e26b7819f7822fb66062f651a4a552a9b53097d04fed6a
SHA512

6aa3cca294958b96be7483ab3d8779e0ef7091c1b979ff35581ae4d5cfeb16217597c79bc4a36a33eb62d3c8591d39d6acde3cc6131f5af2001732e534c95dd9
SSDEEP

196608:Pb+Zyp+uBlSEhs+RwUp//8BA2GFz21WKBMu+tmxZlMI2:Bph1Dp/n7Fzg7Am5M/

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/hVmX2BD4NV (security module).dll
unpack001/hVmX2BD4NV.exe
unpack001/krampuscheatdll.dll

Files

krampusdump.zip
.zip
hVmX2BD4NV (security module).dll
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 827KB - Virtual size: 826KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 337KB - Virtual size: 337KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gehcont
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 140B

.voltbl
Size: 512B - Virtual size: 72B

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.krampus
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
hVmX2BD4NV.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 688KB - Virtual size: 688KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.KrmpSec
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.gehcont
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.voltbl
Size: 512B - Virtual size: 72B

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
krampuscheatdll.dll
.dll windows:4 windows x64 arch:x64

b2a36517b9b3593cdaa4dbdd7c52baf0

Headers

File Characteristics

IMAGE_FILE_DLL

Imports

iphlpapi

if_nametoindex

ntdll

RtlVerifyVersionInfo
TpSetTimer
TpWaitForTimer
TpReleaseTimer
TpSetWait
TpReleaseWait
NtFlushProcessWriteBuffers
TpCallbackUnloadDllOnCompletion
RtlGetCurrentProcessorNumber
RtlInitializeConditionVariable
RtlWakeConditionVariable
RtlWakeAllConditionVariable
RtlInitializeSRWLock
RtlAcquireSRWLockExclusive
RtlTryAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
TpPostWork
TpReleaseWork
RtlWakeAllConditionVariable
RtlVerifyVersionInfo
RtlAddVectoredExceptionHandler
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlInitializeCriticalSection
RtlDeleteCriticalSection
RtlSizeHeap
RtlReAllocateHeap
VerSetConditionMask
RtlAllocateHeap
RtlInterlockedFlushSList
RtlInterlockedPushEntrySList
RtlInitializeSListHead
RtlExitUserThread
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlInitializeSRWLock
RtlTryEnterCriticalSection
RtlInitializeConditionVariable
RtlWakeConditionVariable
RtlWakeAllConditionVariable
RtlEncodePointer
RtlDecodePointer
RtlCaptureContext
NtRaiseHardError
RtlInitUnicodeString

kernel32

FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
CreateEventExW
CreateSemaphoreW
CreateSemaphoreExW
CreateThreadpoolTimer
CreateThreadpoolWait
CreateSymbolicLinkW
GetTickCount64
GetFileInformationByHandleEx
SetFileInformationByHandle
GetSystemTimePreciseAsFileTime
CreateThreadpoolWork
CompareStringEx
GetLocaleInfoEx
LCMapStringEx
CreateProcessA
GetSystemTimeAsFileTime
RtlVirtualUnwind
RtlLookupFunctionEntry
GetModuleHandleExA
GetCurrentDirectoryA
SetLastError
GetLastError
FindFirstFileExW
GetFullPathNameW
FindNextFileW
FindClose
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
VirtualProtect
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FlushFileBuffers
SetStdHandle
DeleteFileW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
FreeLibrary
GetProcAddress
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
QueryPerformanceCounter
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
LoadLibraryA
GetModuleHandleA
GetCommandLineW
GlobalUnWire
HeapFree
GetConsoleOutputCP
WriteFile
ReadConsoleW
GetConsoleMode
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
GetTimeZoneInformation
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlPcToFileHeader
RtlUnwindEx
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
InitializeCriticalSectionAndSpinCount
GetStringTypeW
QueryPerformanceFrequency
GetModuleFileNameA
GetTickCount
CreateEventA
ResetEvent
CreateThread
CloseHandle
SetEvent
Sleep
GetCurrentProcess
TerminateProcess
GetCurrentThread
GetThreadTimes
RaiseException
FormatMessageA
InitializeCriticalSectionEx
GetSystemDirectoryW
GetModuleHandleW
LoadLibraryW
FormatMessageW
MoveFileExW
WaitForSingleObjectEx
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SleepEx
VerifyVersionInfoW
CreateFileW
GetFileSizeEx
GetExitCodeThread
LocalFree
GetCurrentDirectoryW
CreateDirectoryW
GetFileAttributesW
GetFileAttributesExW
GetFileInformationByHandle
GetFinalPathNameByHandleW
SetEndOfFile
SetFileInformationByHandle
SetFilePointerEx
GetTempPathW
AreFileApisANSI
GetFileInformationByHandleEx
LCMapStringEx
CompareStringEx
GetCPInfo
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
RtlUnwind

kernelbase

InitOnceExecuteOnce
GetCurrentPackageId
SleepConditionVariableCS
SleepConditionVariableSRW
SleepConditionVariableCS
FlsAlloc
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
InitOnceComplete
InitOnceBeginInitialize
SleepConditionVariableCS
SleepConditionVariableSRW

shcore

GetDpiForMonitor

advapi32

CryptGenRandom
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptAcquireContextW
CryptAcquireContextA
CryptReleaseContext

comdlg32

GetOpenFileNameA

crypt32

CertGetCertificateChain
CertGetNameStringW
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryW
CertFindCertificateInStore
CertFreeCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFreeCertificateChain
CertCreateCertificateChainEngine
CryptQueryObject
CertFreeCertificateChainEngine

d3dcompiler_47

D3DCompile

gdi32

GetDeviceCaps

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

user32

SetCursor
SetCapture
GetForegroundWindow
TrackMouseEvent
IsChild
ClientToScreen
ScreenToClient
MonitorFromWindow
GetDC
LoadCursorA
SetWindowsHookExW
FindWindowW
CallNextHookEx
GetClientRect
mouse_event
MapVirtualKeyA
GetSystemMetrics
ReleaseCapture
SetCursorPos
ReleaseDC
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
GetKeyState
SendInput
SetProcessDPIAware

ws2_32

WSACreateEvent
WSACloseEvent
WSASetLastError
WSAEventSelect
WSAStartup
select
__WSAFDIsSet
WSAWaitForMultipleEvents
inet_pton
inet_ntop
closesocket
recv
send
WSAGetLastError
connect
ioctlsocket
socket
WSAEnumNetworkEvents
getaddrinfo
FreeAddrInfoW
getsockopt
WSAResetEvent
htons
WSAIoctl
htons
accept
bind
getsockname
htonl
listen
recvfrom
sendto
getpeername
gethostname
WSACleanup

bcrypt

BCryptGenRandom
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider

Sections

pd_rec0
Size: 8.5MB - Virtual size: 8.5MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 827KB - Virtual size: 826KB

.rdata Size: 337KB - Virtual size: 337KB

.data Size: 16KB - Virtual size: 16KB

.pdata Size: 37KB - Virtual size: 36KB

.00cfg Size: 512B - Virtual size: 48B

.detourc Size: 8KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.gehcont Size: 512B - Virtual size: 92B

.gxfg Size: 11KB - Virtual size: 10KB

.retplne Size: 512B - Virtual size: 140B

.voltbl Size: 512B - Virtual size: 72B

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 512B - Virtual size: 232B

.reloc Size: 6KB - Virtual size: 5KB

.krampus Size: 3.9MB - Virtual size: 3.9MB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 688KB - Virtual size: 688KB

.rdata Size: 220KB - Virtual size: 219KB

.data Size: 15KB - Virtual size: 15KB

.pdata Size: 34KB - Virtual size: 33KB

.00cfg Size: 512B - Virtual size: 40B

.KrmpSec Size: 96KB - Virtual size: 96KB

.gehcont Size: 512B - Virtual size: 92B

.tls Size: 512B - Virtual size: 9B

.voltbl Size: 512B - Virtual size: 72B

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 512B - Virtual size: 424B

.reloc Size: 24KB - Virtual size: 24KB

b2a36517b9b3593cdaa4dbdd7c52baf0

Headers

File Characteristics

Imports

iphlpapi

ntdll

kernel32

kernelbase

shcore

advapi32

comdlg32

crypt32

d3dcompiler_47

gdi32

imm32

user32

ws2_32

bcrypt

Sections

pd_rec0 Size: 8.5MB - Virtual size: 8.5MB

.text
Size: 827KB - Virtual size: 826KB

.rdata
Size: 337KB - Virtual size: 337KB

.data
Size: 16KB - Virtual size: 16KB

.pdata
Size: 37KB - Virtual size: 36KB

.00cfg
Size: 512B - Virtual size: 48B

.detourc
Size: 8KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.gehcont
Size: 512B - Virtual size: 92B

.gxfg
Size: 11KB - Virtual size: 10KB

.retplne
Size: 512B - Virtual size: 140B

.voltbl
Size: 512B - Virtual size: 72B

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 512B - Virtual size: 232B

.reloc
Size: 6KB - Virtual size: 5KB

.krampus
Size: 3.9MB - Virtual size: 3.9MB

.text
Size: 688KB - Virtual size: 688KB

.rdata
Size: 220KB - Virtual size: 219KB

.data
Size: 15KB - Virtual size: 15KB

.pdata
Size: 34KB - Virtual size: 33KB

.00cfg
Size: 512B - Virtual size: 40B

.KrmpSec
Size: 96KB - Virtual size: 96KB

.gehcont
Size: 512B - Virtual size: 92B

.tls
Size: 512B - Virtual size: 9B

.voltbl
Size: 512B - Virtual size: 72B

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 512B - Virtual size: 424B

.reloc
Size: 24KB - Virtual size: 24KB

pd_rec0
Size: 8.5MB - Virtual size: 8.5MB