Null[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Null.zip
Size

17KB
MD5

c3f2f133cffff12412350ec41d1c7454
SHA1

54bdeffa11fc5d0ee68ac03a5b0c625cb5b1dbf0
SHA256

1f31885a960ac8dd4ad3b63bb7bc3646e7cd0f655f720f9d73ba57bcc756ef06
SHA512

2de0fde6f679c2e108721e032778c2969c2b43293b0f7f29aa99697aaf5b0a31608903040bedf376530271c06c0562ea697871ee86fc6ff54c8ed631003a9581
SSDEEP

384:dBtqYizpbN3d87VZgNtHz9mfiNvrkCFcpr7OsEoHUwcth/8aWilZH3Vi:dXqYWiBZg3z9mqRrSF7OwctV8OtFi

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/NullDLL32.dll
unpack001/NullDLL64.dll

Files

Null.zip
.zip
NullDLL32.dll
.dll windows:6 windows x86 arch:x86

576fcbc7607b1e852232f3ceb4742090

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetStdHandle
OpenProcess
Sleep
FillConsoleOutputCharacterW
CloseHandle
CreateThread
FillConsoleOutputAttribute
ReadProcessMemory
GetConsoleWindow
SetConsoleCursorPosition
SetConsoleScreenBufferSize
SetConsoleTitleW
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
WriteProcessMemory
AllocConsole
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
UnhandledExceptionFilter

user32

GetWindowLongW
GetKeyState
SetWindowLongW
FindWindowW
GetAsyncKeyState
SendMessageW
GetWindowThreadProcessId

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW

msvcp140

?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAM@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?_Random_device@std@@YAIXZ

vcruntime140

__std_type_info_destroy_list
_except_handler4_common
__std_terminate
__CxxFrameHandler3
memset

api-ms-win-crt-runtime-l1-1-0

exit
_cexit
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm

api-ms-win-crt-stdio-l1-1-0

freopen
__acrt_iob_func

api-ms-win-crt-math-l1-1-0

_except1

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 980B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NullDLL64.dll
.dll windows:6 windows x64 arch:x64

8301def21a10663ab26e02e838e786fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetStdHandle
OpenProcess
Sleep
FillConsoleOutputCharacterW
CloseHandle
CreateThread
FillConsoleOutputAttribute
ReadProcessMemory
GetConsoleWindow
SetConsoleCursorPosition
SetConsoleScreenBufferSize
SetConsoleTitleW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
AllocConsole
WriteProcessMemory
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

user32

GetKeyState
GetWindowThreadProcessId
SendMessageW
SetWindowLongW
GetWindowLongW
FindWindowW
GetAsyncKeyState

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW

msvcp140

?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAM@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Random_device@std@@YAIXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z

vcruntime140

__CxxFrameHandler3
__std_terminate
__C_specific_handler
memset
__std_type_info_destroy_list

api-ms-win-crt-stdio-l1-1-0

freopen
__acrt_iob_func

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_onexit_table
_cexit
_initialize_narrow_environment
_seh_filter_dll
_initterm_e
_initterm
_execute_onexit_table

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 612B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

576fcbc7607b1e852232f3ceb4742090

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 980B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1024B - Virtual size: 852B

8301def21a10663ab26e02e838e786fd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

msvcp140

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 612B

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 512B - Virtual size: 24B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 980B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1024B - Virtual size: 852B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 612B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 512B - Virtual size: 24B