Batch CIA 3DS Decryptor[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Batch CIA 3DS Decryptor.zip
Size

5.0MB
MD5

61f5ea0a2e7553a9fa43c4dc208ea17f
SHA1

4b2fb1c00d55be894184f098a334daa5b08e555f
SHA256

e6c7b104a0a3f8f2f639b767e4be9ab483a1bc57465de106653f211f3b4205eb
SHA512

0935d4f5c70d26d74e865b1bace7521f28921aba5745e4621cb8d783f101966837e9eed48e8440e532ecb561d8ee2994c0bfccab461a2d5d8e806e0ad87e25fb
SSDEEP

98304:BqYqU2RGhR4qGipsHHF0Rf8KJ6K1jZG8y6Y7yAQlkt8FCEjnpoJyTG6UJj9/X5:AbO4qF+n6RfrJvG8wdbtipoJMUl

Score

3^/10

pyinstaller

Malware Config

Signatures

Detects Pyinstaller 1 IoCs

pyinstaller

Processes:

resource	yara_rule
static1/unpack001/decrypt.exe	pyinstaller

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/ctrtool.exe
unpack001/decrypt.exe
unpack001/makerom.exe

Files

Batch CIA 3DS Decryptor.zip
.zip
Batch CIA 3DS Decryptor.bat
.bat .vbs
ctrtool.exe
.exe windows:4 windows x64 arch:x64

7540b2f68364e63bb1dc0d283bd7c2e3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

AddAtomA
CloseHandle
CreateEventA
CreateMutexA
CreateSemaphoreA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
FindAtomA
GetAtomNameA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetHandleInformation
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetProcessAffinityMask
GetStartupInfoA
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
RaiseException
ReleaseMutex
ReleaseSemaphore
ResetEvent
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetCriticalSectionSpinCount
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject

msvcrt

__C_specific_handler
__argv
__dllonexit
__doserrno
__getmainargs
__initenv
__iob_func
__lconv_init
__pioinfo
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthreadex
_cexit
_endthreadex
_errno
_exit
_filelengthi64
_fileno
_fmode
_initterm
_lock
_lseeki64
_mkdir
_onexit
_setjmp
_snwprintf
_stat64
_unlock
_vsnprintf
_wfopen
_wmkdir
_write
_write
_wstat64
abort
atof
atoi
calloc
exit
fclose
ferror
fflush
fgetpos
fgets
fopen
fprintf
fputc
fputs
fputws
fread
free
fseek
fsetpos
ftell
fwprintf
fwrite
getenv
isalnum
isalpha
isspace
longjmp
malloc
memcmp
memcpy
memmove
memset
printf
putchar
puts
raise
realloc
signal
sprintf
sscanf
strchr
strcmp
strcpy
strlen
strncmp
strncpy
strtoul
tolower
vfprintf
vsprintf
wcscpy
wcslen

user32

MessageBoxW

Sections

.text
Size: 233KB - Virtual size: 233KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 1024B - Virtual size: 906B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
decrypt.exe
.exe windows:4 windows x64 arch:x64

2c9e98790fd9f920c8aca8d84943961f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CreateProcessW
DeleteCriticalSection
EnterCriticalSection
ExpandEnvironmentStringsW
FormatMessageA
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableW
GetExitCodeProcess
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetShortPathNameW
GetStartupInfoW
GetSystemTimeAsFileTime
GetTempPathW
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
MultiByteToWideChar
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetDllDirectoryW
SetEnvironmentVariableW
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
__C_specific_handler

msvcrt

__argc
__dllonexit
__iob_func
__lconv_init
__set_app_type
__setusermatherr
__wargv
__wgetmainargs
__winitenv
_amsg_exit
_cexit
_fileno
_findclose
_fmode
_fullpath
_get_osfhandle
_getpid
_initterm
_lock
_onexit
_setmode
_stat64
_strdup
_unlock
_vsnprintf
_vsnwprintf
_wcmdln
_wfindfirst64
_wfindnext64
_wfopen
_wmkdir
_wremove
_wrmdir
_wstat64
_wtempnam
abort
calloc
clearerr
exit
fclose
feof
ferror
fflush
fprintf
fread
free
fseek
ftell
fwrite
getenv
malloc
mbstowcs
memcpy
memset
setbuf
setlocale
signal
sprintf
strcat
strchr
strcmp
strcpy
strlen
strncat
strncmp
strncpy
strrchr
strtok
vfprintf
wcscat
wcscmp
wcscpy
wcslen

ws2_32

ntohl

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 51KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
decrypt.pyc
makerom.exe
.exe windows:4 windows x64 arch:x64

652c0cab7ad18cce33959bfbc4f70b7f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CloseHandle
CreateFileA
DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFileAttributesW
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetEndOfFile
SetFilePointerEx
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

msvcrt

__C_specific_handler
__dllonexit
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_errno
_exit
_findclose
_fmode
_getcwd
_initterm
_lock
_mkdir
_onexit
_snwprintf
_stat64
_strdup
_stricmp
_time64
_unlock
_vsnprintf
_wfindfirst64
_wfindnext64
_wfopen
_wfullpath
_wmkdir
_wstat64
abort
calloc
exit
fclose
ferror
fopen
fprintf
fputc
fputs
fputws
fread
free
fseek
fsetpos
ftell
fwprintf
fwrite
isalnum
islower
isspace
isupper
malloc
memcmp
memcpy
memmove
memset
printf
putchar
puts
raise
rand
realloc
signal
sprintf
srand
strchr
strcmp
strcpy
strlen
strncat
strncmp
strncpy
strrchr
strstr
strtol
strtoul
vfprintf
wcscat
wcscmp
wcscpy
wcslen

user32

MessageBoxW

Sections

.text
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 1024B - Virtual size: 847B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
readme.txt

Sharing

General

Malware Config

Signatures

Files

7540b2f68364e63bb1dc0d283bd7c2e3

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

Sections

.text Size: 233KB - Virtual size: 233KB

.data Size: 2KB - Virtual size: 2KB

.rdata Size: 39KB - Virtual size: 38KB

.pdata Size: 13KB - Virtual size: 12KB

.xdata Size: 12KB - Virtual size: 12KB

.bss Size: - Virtual size: 11KB

.idata Size: 5KB - Virtual size: 5KB

.CRT Size: 512B - Virtual size: 112B

.tls Size: 512B - Virtual size: 104B

.rsrc Size: 1024B - Virtual size: 848B

/4 Size: 1KB - Virtual size: 1KB

/19 Size: 66KB - Virtual size: 66KB

/31 Size: 10KB - Virtual size: 9KB

/45 Size: 9KB - Virtual size: 8KB

/57 Size: 5KB - Virtual size: 4KB

/70 Size: 1024B - Virtual size: 906B

/81 Size: 23KB - Virtual size: 22KB

/92 Size: 1KB - Virtual size: 1KB

2c9e98790fd9f920c8aca8d84943961f

Headers

File Characteristics

Imports

kernel32

msvcrt

ws2_32

Sections

.text Size: 39KB - Virtual size: 39KB

.data Size: 512B - Virtual size: 168B

.rdata Size: 21KB - Virtual size: 21KB

.pdata Size: 2KB - Virtual size: 1KB

.xdata Size: 2KB - Virtual size: 1KB

.bss Size: - Virtual size: 51KB

.idata Size: 4KB - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 104B

.rsrc Size: 59KB - Virtual size: 58KB

652c0cab7ad18cce33959bfbc4f70b7f

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

Sections

.text Size: 240KB - Virtual size: 240KB

.data Size: 512B - Virtual size: 184B

.rdata Size: 111KB - Virtual size: 110KB

.pdata Size: 8KB - Virtual size: 8KB

.xdata Size: 8KB - Virtual size: 7KB

.bss Size: - Virtual size: 11KB

.idata Size: 4KB - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 104B

.rsrc Size: 1024B - Virtual size: 848B

/4 Size: 1KB - Virtual size: 1KB

/19 Size: 56KB - Virtual size: 55KB

/31 Size: 9KB - Virtual size: 8KB

/45 Size: 8KB - Virtual size: 7KB

/57 Size: 4KB - Virtual size: 3KB

/70 Size: 1024B - Virtual size: 847B

/81 Size: 16KB - Virtual size: 15KB

/92 Size: 1KB - Virtual size: 1KB

.text
Size: 233KB - Virtual size: 233KB

.data
Size: 2KB - Virtual size: 2KB

.rdata
Size: 39KB - Virtual size: 38KB

.pdata
Size: 13KB - Virtual size: 12KB

.xdata
Size: 12KB - Virtual size: 12KB

.bss
Size: - Virtual size: 11KB

.idata
Size: 5KB - Virtual size: 5KB

.CRT
Size: 512B - Virtual size: 112B

.tls
Size: 512B - Virtual size: 104B

.rsrc
Size: 1024B - Virtual size: 848B

/4
Size: 1KB - Virtual size: 1KB

/19
Size: 66KB - Virtual size: 66KB

/31
Size: 10KB - Virtual size: 9KB

/45
Size: 9KB - Virtual size: 8KB

/57
Size: 5KB - Virtual size: 4KB

/70
Size: 1024B - Virtual size: 906B

/81
Size: 23KB - Virtual size: 22KB

/92
Size: 1KB - Virtual size: 1KB

.text
Size: 39KB - Virtual size: 39KB

.data
Size: 512B - Virtual size: 168B

.rdata
Size: 21KB - Virtual size: 21KB

.pdata
Size: 2KB - Virtual size: 1KB

.xdata
Size: 2KB - Virtual size: 1KB

.bss
Size: - Virtual size: 51KB

.idata
Size: 4KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 104B

.rsrc
Size: 59KB - Virtual size: 58KB

.text
Size: 240KB - Virtual size: 240KB

.data
Size: 512B - Virtual size: 184B

.rdata
Size: 111KB - Virtual size: 110KB

.pdata
Size: 8KB - Virtual size: 8KB

.xdata
Size: 8KB - Virtual size: 7KB

.bss
Size: - Virtual size: 11KB

.idata
Size: 4KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 104B

.rsrc
Size: 1024B - Virtual size: 848B

/4
Size: 1KB - Virtual size: 1KB

/19
Size: 56KB - Virtual size: 55KB

/31
Size: 9KB - Virtual size: 8KB

/45
Size: 8KB - Virtual size: 7KB

/57
Size: 4KB - Virtual size: 3KB

/70
Size: 1024B - Virtual size: 847B

/81
Size: 16KB - Virtual size: 15KB

/92
Size: 1KB - Virtual size: 1KB