Ezglobal[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Ezglobal.zip
Size

4.7MB
MD5

b76e75d21f15dddc39fbcb75588b7081
SHA1

e14bbcce54ac7e9b1378a6c4737f7674e867ac7f
SHA256

52c14aef9b5c1b61d61a812c454c9d7023c5a9cd902ccf4fa89c0abffa262348
SHA512

9770971cb6f7543990d6bda5426c3b3fa8697018667029e8df5f4a988df418ffd05b57a4d43b1aa868ed3d9957670f214ea7fe4fbda9cd4092bb20e262b2201f
SSDEEP

98304:KNGFdHjLm8yTBLpcKzdk3imfZdZTcepl1jkWyyx277vdYIfvS1:KNELmJTBytSm6wjayO7n6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Ezglobal.exe

Files

Ezglobal.zip
.zip
Ezglobal.exe
.exe windows:6 windows x64 arch:x64

99cfda9f72612bcd37e7e058d4c3fb8d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

F:\ezglobal_client\src-tauri\target\release\deps\app.pdb

Imports

kernel32

LoadLibraryW
LCIDToLocaleName
GetUserDefaultUILanguage
TryAcquireSRWLockExclusive
lstrlenW
GetExitCodeProcess
WaitForSingleObject
GetModuleHandleW
CloseHandle
InitializeSListHead
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetProcAddress
LoadLibraryA
GetCurrentThreadId
IsProcessorFeaturePresent
GetTempPathW
GetSystemTimeAsFileTime
CreateThread
RtlUnwindEx
WriteConsoleW
MultiByteToWideChar
RtlPcToFileHeader
RaiseException
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
CreateProcessW
GetWindowsDirectoryW
GetSystemDirectoryW
ReadFileEx
CreateNamedPipeW
GetFullPathNameW
ExitProcess
GetFinalPathNameByHandleW
FindFirstFileW
CreateDirectoryW
GetFileInformationByHandleEx
CreateFileW
FindClose
CreateMutexA
GetFileAttributesW
GetModuleFileNameW
GetLastError
OutputDebugStringA
OutputDebugStringW
EncodePointer
LoadLibraryExW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
FreeLibrary
GetEnvironmentVariableW
SleepConditionVariableSRW
ReleaseSRWLockShared
GetSystemInfo
GetProcessHeap
HeapFree
WaitForSingleObjectEx
AcquireSRWLockShared
HeapAlloc
HeapReAlloc
QueryPerformanceFrequency
FormatMessageW
WakeConditionVariable
WakeAllConditionVariable
TlsSetValue
ReleaseSRWLockExclusive
Sleep
GetModuleHandleA
GetFileInformationByHandle
GetConsoleMode
TerminateProcess
SleepEx
WriteFileEx
GetCurrentProcessId
GetStdHandle
LoadLibraryExA
DuplicateHandle
FreeEnvironmentStringsW
DeleteProcThreadAttributeList
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
CreateWaitableTimerExW
SetWaitableTimer
QueryPerformanceCounter
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
RtlLookupFunctionEntry
ReleaseMutex
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
SetEnvironmentVariableW
AcquireSRWLockExclusive
GetCommandLineW
TlsFree

ntdll

NtWriteFile
RtlNtStatusToDosError
NtQuerySystemInformation

user32

PostQuitMessage
AppendMenuW
CreateMenu
SetMenuItemInfoW
ToUnicodeEx
GetKeyboardLayout
CreateIcon
GetMessageA
PostMessageW
RedrawWindow
SetMenu
VkKeyScanW
MapVirtualKeyExW
GetKeyState
GetAsyncKeyState
GetKeyboardState
CreateAcceleratorTableW
SendInput
SetForegroundWindow
DispatchMessageA
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
IsProcessDPIAware
GetDC
IsIconic
SystemParametersInfoA
GetCursorPos
ReleaseCapture
ClientToScreen
GetClientRect
SetWindowPos
InvalidateRgn
SetCursorPos
IsWindowVisible
GetActiveWindow
GetForegroundWindow
AdjustWindowRectEx
GetWindowRect
DestroyWindow
MonitorFromPoint
EnumDisplayMonitors
PeekMessageW
TranslateMessage
DispatchMessageW
MapVirtualKeyW
GetRawInputData
GetWindowLongPtrW
SetWindowDisplayAffinity
GetMenu
ShowCursor
ClipCursor
GetClipCursor
GetSystemMenu
ShowWindow
SetWindowLongW
SendMessageW
CheckMenuItem
EnableMenuItem
DestroyAcceleratorTable
DestroyIcon
SetCapture
SetWindowLongPtrW
MsgWaitForMultipleObjectsEx
RegisterRawInputDevices
RegisterClassExW
RegisterWindowMessageA
GetMessageW
EnumChildWindows
GetAncestor
TranslateAcceleratorW
PostThreadMessageW
DefWindowProcW
FlashWindowEx
ChangeDisplaySettingsExW
SetWindowPlacement
GetWindowPlacement
RegisterTouchWindow
GetSystemMetrics
IsWindow
CreateWindowExW
GetMonitorInfoW
MonitorFromWindow
LoadCursorW
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
TrackMouseEvent
MonitorFromRect
GetWindowLongW
SetCursor
GetUpdateRect
ValidateRect

comctl32

RemoveWindowSubclass
SetWindowSubclass
DefSubclassProc

ole32

RevokeDragDrop
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CreateStreamOnHGlobal
CoUninitialize
OleInitialize
RegisterDragDrop
CoInitializeSecurity
CoSetProxyBlanket
CoInitializeEx

shell32

DragFinish
SHGetKnownFolderPath
DragQueryFileW
ShellExecuteExW
SHAppBarMessage

gdi32

GetDeviceCaps
CreateRectRgn
DeleteObject

dwmapi

DwmEnableBlurBehindWindow

uxtheme

SetWindowTheme

advapi32

SystemFunction036
EventRegister
RegGetValueW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
EventUnregister
EventWriteTransfer
EventSetInformation

oleaut32

SafeArrayUnaccessData
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayGetUBound
SysStringLen
SetErrorInfo
GetErrorInfo
SysFreeString
SysAllocStringLen
VariantClear

bcrypt

BCryptGenRandom

api-ms-win-crt-math-l1-1-0

round
__setusermatherr
pow
floor
trunc

api-ms-win-crt-string-l1-1-0

_wcsicmp
wcsncmp
wcslen
strcpy_s

api-ms-win-crt-convert-l1-1-0

wcstol
_ultow_s

api-ms-win-crt-runtime-l1-1-0

__p___argv
_cexit
_initterm
_get_initial_narrow_environment
exit
_c_exit
_register_thread_local_exe_atexit_callback
_initialize_narrow_environment
__p___argc
abort
_configure_narrow_argv
_exit
terminate
_crt_atexit
_register_onexit_function
_set_app_type
_initialize_onexit_table
_initterm_e
_seh_filter_exe

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
_set_new_mode
calloc
free

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

99cfda9f72612bcd37e7e058d4c3fb8d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ntdll

user32

comctl32

ole32

shell32

gdi32

dwmapi

uxtheme

advapi32

oleaut32

bcrypt

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 4.7MB - Virtual size: 4.7MB

.data Size: 1KB - Virtual size: 12KB

.pdata Size: 122KB - Virtual size: 122KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 98KB - Virtual size: 98KB

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 4.7MB - Virtual size: 4.7MB

.data
Size: 1KB - Virtual size: 12KB

.pdata
Size: 122KB - Virtual size: 122KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 98KB - Virtual size: 98KB

.reloc
Size: 11KB - Virtual size: 11KB