dd[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dd.zip
Size

391KB
MD5

1fdfc9e513941c629d7cb316b1d754b3
SHA1

d15d637e9a919f37a0b866164ddb99312aa19fbe
SHA256

7cfb342e8c6605b275f61f665e37b3f435ce8d596132f4149e329acd5ecdf9ea
SHA512

de53deb08321680fc952994da55bfb96e2d32386c08b833aaed6b0dbfefafdf2fc10eaf36411073e626b667629154c824e8fa11319a4687fdf794d94789516ee
SSDEEP

6144:B5h944Wn2kBORdkxzJOlMupxRtsMc7Z8RznHtBRLNXtF6eALiKjgF0E5:BZ4Pl2eqplstK5HtDF6nie8

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/imgRePackerRK.exe
unpack001/zlib1.dll

Files

dd.zip
.zip
RK30xxLoaderv134.bin
ReadMe.txt
ReadMe_utf8.txt
imgRePackerRK.exe
.exe windows:4 windows x86 arch:x86

54f7dc9f53f9d0f1eb809c596aa310d5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

GetTokenInformation
OpenProcessToken

kernel32

CloseHandle
CopyFileA
CreateDirectoryA
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
FreeLibrary
GetConsoleScreenBufferInfo
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFileAttributesA
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetStdHandle
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
GetVersionExA
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
MoveFileA
MultiByteToWideChar
QueryPerformanceCounter
SetConsoleTextAttribute
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

__doserrno
__getmainargs
__initenv
__lconv_init
__p__acmdln
__p__fmode
__pioinfo
__set_app_type
__setusermatherr
_amsg_exit
_cexit
_errno
_exit
_filelengthi64
_fileno
_fileno
_findclose
_findfirst
_findnext
_fstat
_fstati64
_fullpath
_initterm
_iob
_lseeki64
_onexit
_snwprintf
_stat
_stati64
_strlwr
_vsnprintf
_vsnwprintf
_write
abort
calloc
div
exit
fclose
feof
fflush
fgetpos
fgets
fopen
fprintf
fputc
fread
free
fscanf
fseek
fsetpos
fwprintf
fwrite
localtime
malloc
memcpy
memset
printf
putchar
raise
realloc
setbuf
signal
sprintf
sscanf
strcat
strchr
strcmp
strcpy
strftime
strlen
strncmp
strncpy
strstr
strtok
strtol
time
vfprintf
wcscpy

user32

CharToOemA
GetSystemMetrics
MessageBoxW

zlib1

gzopen
gzread
gzwrite
gzclose

Sections

.text
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 23KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
imgrepackerrk
.elf linux x86
zlib1.dll
.dll windows:4 windows x86 arch:x86

fd348b107c9a12537c4d666dc366ec5f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryW
MultiByteToWideChar
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

_close
_open
_read
_write
__dllonexit
__mb_cur_max
_amsg_exit
_errno
_initterm
_iob
_lock
_lseeki64
_onexit
_unlock
_vsnprintf
_wopen
abort
atoi
calloc
fputc
free
getenv
localeconv
malloc
memchr
memcpy
memset
setlocale
strchr
strerror
strlen
strncmp
wcslen
wcstombs

Exports

Exports

adler32
adler32_combine
adler32_combine64
compress
compress2
compressBound
crc32
crc32_combine
crc32_combine64
deflate
deflateBound
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflatePending
deflatePrime
deflateReset
deflateResetKeep
deflateSetDictionary
deflateSetHeader
deflateTune
get_crc_table
gzbuffer
gzclearerr
gzclose
gzclose_r
gzclose_w
gzdirect
gzdopen
gzeof
gzerror
gzflush
gzgetc
gzgetc_
gzgets
gzoffset
gzoffset64
gzopen
gzopen64
gzopen_w
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzseek64
gzsetparams
gztell
gztell64
gzungetc
gzvprintf
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCopy
inflateEnd
inflateGetDictionary
inflateGetHeader
inflateInit2_
inflateInit_
inflateMark
inflatePrime
inflateReset
inflateReset2
inflateResetKeep
inflateSetDictionary
inflateSync
inflateSyncPoint
inflateUndermine
uncompress
zError
zlibCompileFlags
zlibVersion

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

54f7dc9f53f9d0f1eb809c596aa310d5

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

zlib1

Sections

.text Size: 148KB - Virtual size: 147KB

.data Size: 512B - Virtual size: 500B

.rdata Size: 30KB - Virtual size: 29KB

.eh_fram Size: 13KB - Virtual size: 13KB

.bss Size: - Virtual size: 23KB

.idata Size: 3KB - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 52B

.tls Size: 512B - Virtual size: 8B

fd348b107c9a12537c4d666dc366ec5f

Headers

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 76KB - Virtual size: 76KB

.data Size: 512B - Virtual size: 128B

.rdata Size: 19KB - Virtual size: 18KB

.bss Size: - Virtual size: 3KB

.edata Size: 2KB - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 32B

.rsrc Size: 1024B - Virtual size: 900B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 148KB - Virtual size: 147KB

.data
Size: 512B - Virtual size: 500B

.rdata
Size: 30KB - Virtual size: 29KB

.eh_fram
Size: 13KB - Virtual size: 13KB

.bss
Size: - Virtual size: 23KB

.idata
Size: 3KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 8B

.text
Size: 76KB - Virtual size: 76KB

.data
Size: 512B - Virtual size: 128B

.rdata
Size: 19KB - Virtual size: 18KB

.bss
Size: - Virtual size: 3KB

.edata
Size: 2KB - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 1024B - Virtual size: 900B

.reloc
Size: 2KB - Virtual size: 1KB