MDE_File_Sample_bbb7a4aa7e25338d2b821fed2916957bf74ff926[.]zip

Resubmissions

13/05/2024, 09:47

240513-lr8pysgh81 3

13/05/2024, 09:44

240513-lqfyjsgh21 3

Sharing

Copy URL Twitter E-mail

General

Target

MDE_File_Sample_bbb7a4aa7e25338d2b821fed2916957bf74ff926.zip
Size

2.2MB
MD5

3c2907e3e963b1a1503683b52c7ee1db
SHA1

16e14ba50953931d0bb94716bd5476ac975f58d3
SHA256

1098688fc78f2143b291c010eb79c6edf0162288dd0027725ac7a8e16cecf8f3
SHA512

f133597ff75e760e0bcf3e870a3c4f0f57fbfa26fdf9fe5264e44cfbc1b51751eb045750fcf296fe42ad618c0e5251884271a92ab20d256f627c50f4b6c4479c
SSDEEP

49152:hijE8st3w2sVspDVyMUj2be9K3BReF7smuPuaw3sUbHwf:ycw2Rhyrj2b2kReu21cUTi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/bbb7a4aa7e25338d2b821fed2916957bf74ff926

Files

MDE_File_Sample_bbb7a4aa7e25338d2b821fed2916957bf74ff926.zip
.zip

Password: cheat
bbb7a4aa7e25338d2b821fed2916957bf74ff926
.exe windows:6 windows x64 arch:x64

Password: cheat

7b4d4bff2951753559886d37cb9f5e6c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

QueryPerformanceCounter
WriteProcessMemory
SetConsoleTitleA
Module32Next
InitializeCriticalSectionEx
Module32First
OpenProcess
CreateToolhelp32Snapshot
Sleep
GetTickCount64
GetLastError
CloseHandle
WritePrivateProfileStringA
DeleteCriticalSection
ReadProcessMemory
GetPrivateProfileIntA
GetTickCount
VirtualQueryEx
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
GetModuleHandleW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetProcAddress
QueryPerformanceFrequency
LoadLibraryA
GetModuleHandleA
GlobalUnlock
WideCharToMultiByte
MultiByteToWideChar
GlobalLock
GlobalFree
FreeLibrary
GlobalAlloc
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

user32

DefWindowProcA
CreateWindowExA
SetFocus
TranslateMessage
PeekMessageA
UnregisterClassA
GetWindowLongA
PostQuitMessage
FindWindowA
SetWindowLongA
RegisterClassExA
UpdateWindow
GetAsyncKeyState
ShowCursor
GetKeyState
ShowWindow
LoadCursorA
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetSystemMetrics
GetCursorPos
SetCursorPos
ReleaseCapture
TrackMouseEvent
GetClientRect
SetCursor
SetCapture
GetForegroundWindow
EnumDisplaySettingsA
ClientToScreen
ScreenToClient
GetWindowThreadProcessId
DispatchMessageA
SetWindowPos
GetWindowRect
DestroyWindow
GetCapture

imm32

ImmReleaseContext
ImmGetContext
ImmAssociateContextEx
ImmSetCandidateWindow
ImmSetCompositionWindow

d3dcompiler_43

D3DCompile

dwmapi

DwmExtendFrameIntoClientArea

msvcp140

?_Throw_Cpp_error@std@@YAXH@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Xtime_get_ticks
_FExp
_Mtx_unlock
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Xlength_error@std@@YAXPEBD@Z

d3d11

D3D11CreateDeviceAndSwapChain

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_terminate
strstr
memcpy
__std_exception_destroy
__std_exception_copy
memchr
__C_specific_handler
__current_exception
memmove
memcmp
_CxxThrowException
memset
__current_exception_context

api-ms-win-crt-stdio-l1-1-0

ftell
_set_fmode
__stdio_common_vfprintf
__stdio_common_vsprintf_s
__acrt_iob_func
__p__commode
fflush
fclose
__stdio_common_vsscanf
fread
__stdio_common_vsprintf
_wfopen
fwrite
fseek

api-ms-win-crt-string-l1-1-0

strcmp
_stricmp
strncpy

api-ms-win-crt-utility-l1-1-0

rand
qsort

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh
_set_new_mode

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
exit
abort
_register_thread_local_exe_atexit_callback
_c_exit
_beginthread
__p___argc
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
terminate
__p___argv

api-ms-win-crt-time-l1-1-0

clock

api-ms-win-crt-math-l1-1-0

sqrt
ilogbf
atan2f
ceilf
sinf
__setusermatherr
cosf
powf
_fdsign
ldexp
fmodf
pow
logf
copysignf
sqrtf
acosf
log
scalbnf

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 518KB - Virtual size: 518KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 364B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: cheat

Password: cheat

7b4d4bff2951753559886d37cb9f5e6c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

imm32

d3dcompiler_43

dwmapi

msvcp140

d3d11

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 518KB - Virtual size: 518KB

.rdata Size: 3.2MB - Virtual size: 3.2MB

.data Size: 8KB - Virtual size: 10KB

.pdata Size: 16KB - Virtual size: 15KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 364B

.text
Size: 518KB - Virtual size: 518KB

.rdata
Size: 3.2MB - Virtual size: 3.2MB

.data
Size: 8KB - Virtual size: 10KB

.pdata
Size: 16KB - Virtual size: 15KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 364B