North[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

North.zip
Size

24.3MB
MD5

c3aad37e544adfc0dddee503082963dc
SHA1

be1ed0ebfe6a7a9f72a262116bc12b258051a6c0
SHA256

5e6868309b4665b922a6a9f9e6135a324e3b924bed2cd87c0758f6d80f02ead5
SHA512

0c61ca5d58b6016652ef95ca03556359c5f25857b7704a85be3decff76186345281368ca1ac2bfbcae2c18847a2c140464bf2cb6bcf159845c287266398c7595
SSDEEP

786432:O4fZv+rFwFxg8Wk7buGoXGAiVB4du06QaAg/VaxexisdB:OVAyCbuGoTiVB4du77/NagYaB

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/North.exe
unpack001/launcher.dll

Files

North.zip
.zip
North.exe
.exe windows:6 windows x64 arch:x64

d04177761adf12f5d5e62d308e69e05b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

CreateIcon

kernel32

GetFullPathNameW
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

ws2_32

WSAGetLastError

gdi32

DeleteObject

dwmapi

DwmEnableBlurBehindWindow

ole32

CoTaskMemAlloc

secur32

AcceptSecurityContext

crypt32

CertFreeCertificateContext

advapi32

EventRegister

shell32

ShellExecuteW

comctl32

RemoveWindowSubclass

uxtheme

SetWindowTheme

oleaut32

SafeArrayGetLBound

ntdll

NtQuerySystemInformation

iphlpapi

GetAdaptersAddresses

pdh

PdhCloseQuery

powrprof

CallNtPowerInformation

netapi32

NetApiBufferFree

bcrypt

BCryptGenRandom

psapi

GetPerformanceInfo

api-ms-win-crt-math-l1-1-0

floor

api-ms-win-crt-string-l1-1-0

strcpy_s

api-ms-win-crt-convert-l1-1-0

wcstol

api-ms-win-crt-heap-l1-1-0

malloc

api-ms-win-crt-stdio-l1-1-0

__p__commode

api-ms-win-crt-runtime-l1-1-0

_initterm

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Dlv
Size: - Virtual size: 8.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nV
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.+_w
Size: 15.7MB - Virtual size: 15.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
launcher.dll
.dll windows:6 windows x64 arch:x64

88255a39747cbcbf2aabf6c0169c6bd7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

advapi32

RegOpenKeyExA

ole32

CoUninitialize

ntdll

RtlVirtualUnwind

kernel32

FreeEnvironmentStringsW
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

wsprintfW

shell32

ShellExecuteA

oleaut32

VariantClear

shlwapi

SHDeleteKeyW

Exports

Exports

berliner
ihateniggers
oschersleben
speckhals
timmy
timmyrs

Sections

.text
Size: - Virtual size: 521KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 267KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

stand0
Size: - Virtual size: 7.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

stand1
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

stand2
Size: 11.6MB - Virtual size: 11.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d04177761adf12f5d5e62d308e69e05b

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

ws2_32

gdi32

dwmapi

ole32

secur32

crypt32

advapi32

shell32

comctl32

uxtheme

oleaut32

ntdll

iphlpapi

pdh

powrprof

netapi32

bcrypt

psapi

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: - Virtual size: 5.8MB

.rdata Size: - Virtual size: 2.7MB

.data Size: - Virtual size: 21KB

.pdata Size: - Virtual size: 292KB

_RDATA Size: - Virtual size: 348B

.Dlv Size: - Virtual size: 8.8MB

.nV Size: 5KB - Virtual size: 5KB

.+_w Size: 15.7MB - Virtual size: 15.7MB

.rsrc Size: 28KB - Virtual size: 27KB

88255a39747cbcbf2aabf6c0169c6bd7

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

ole32

ntdll

kernel32

user32

shell32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: - Virtual size: 521KB

.rdata Size: - Virtual size: 267KB

.data Size: - Virtual size: 14KB

.pdata Size: - Virtual size: 21KB

_RDATA Size: - Virtual size: 348B

stand0 Size: - Virtual size: 7.5MB

stand1 Size: 3KB - Virtual size: 3KB

stand2 Size: 11.6MB - Virtual size: 11.6MB

.reloc Size: 512B - Virtual size: 56B

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 5.8MB

.rdata
Size: - Virtual size: 2.7MB

.data
Size: - Virtual size: 21KB

.pdata
Size: - Virtual size: 292KB

_RDATA
Size: - Virtual size: 348B

.Dlv
Size: - Virtual size: 8.8MB

.nV
Size: 5KB - Virtual size: 5KB

.+_w
Size: 15.7MB - Virtual size: 15.7MB

.rsrc
Size: 28KB - Virtual size: 27KB

.text
Size: - Virtual size: 521KB

.rdata
Size: - Virtual size: 267KB

.data
Size: - Virtual size: 14KB

.pdata
Size: - Virtual size: 21KB

_RDATA
Size: - Virtual size: 348B

stand0
Size: - Virtual size: 7.5MB

stand1
Size: 3KB - Virtual size: 3KB

stand2
Size: 11.6MB - Virtual size: 11.6MB

.reloc
Size: 512B - Virtual size: 56B

.rsrc
Size: 512B - Virtual size: 480B