240504-lj3hzacg83_pw_infected[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

240504-lj3hzacg83_pw_infected.zip
Size

2.3MB
MD5

4850194c59ede5098aa7ac59ad4da74a
SHA1

bd2bbe93ebf656a6c60d9312c1be5e6c7062e75a
SHA256

6508ec179fe720d6519ad66c31d4802ad0855eb4fe9e1dfdda41cb5762c3110c
SHA512

7e54244c3d669f5b0402e8523ef73f73f6c8b06a75c1c05c7165bdd162438777c3e0e082d917dba330cad4e7c6c0ede75d28d7c6bd60b92481e5adb777b67bd1
SSDEEP

49152:Yf/kB5p4mDzWddKvnJEY/uQhX7oivzcdvo0Dws+k:YfM14SzlyY6i7cdZws+k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ida_keygen.exe

Files

240504-lj3hzacg83_pw_infected.zip
.zip

Password: infected
ida_keygen.exe
.exe windows:6 windows x64 arch:x64

12cae415cc33d84b99721f605f8bf239

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\Users\tom_rus\Documents\Visual Studio 2022\Projects\ida_keygen - Copy\ida_keygen\bin\Release\net6.0\win-x64\native\ida_keygen.pdb

Imports

advapi32

EnumerateTraceGuidsEx
EventSetInformation
EventUnregister
RegCloseKey
EventActivityIdControl
EventRegister
EventWriteTransfer
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
EventWrite
EventEnabled

bcrypt

BCryptFinishHash
BCryptGenRandom
BCryptHashData
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptGetProperty
BCryptCreateHash
BCryptDestroyHash

kernel32

HeapReAlloc
HeapSize
GetProcessHeap
LCMapStringW
CompareStringW
CloseThreadpoolIo
SetLastError
ExpandEnvironmentStringsW
GetLastError
GetCurrentProcessId
GetEnvironmentVariableW
MultiByteToWideChar
GetStdHandle
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
LoadLibraryExW
FileTimeToSystemTime
GetSystemTime
GetTickCount64
GetCurrentProcessorNumber
GetCurrentProcess
GetCurrentThread
WaitForSingleObject
Sleep
CreateThreadpoolWork
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
InitializeCriticalSection
InitializeConditionVariable
DeleteCriticalSection
LocalFree
EnterCriticalSection
SleepConditionVariableCS
LeaveCriticalSection
WakeConditionVariable
WaitForMultipleObjectsEx
GetFullPathNameW
GetLongPathNameW
GetProcAddress
LocalAlloc
GetConsoleOutputCP
WideCharToMultiByte
RaiseFailFastException
WaitForThreadpoolWaitCallbacks
CreateThreadpoolIo
StartThreadpoolIo
CancelThreadpoolIo
CreateFileW
DeleteFileW
FlushFileBuffers
FreeLibrary
GetCurrentDirectoryW
GetFileInformationByHandleEx
GetFileType
GetOverlappedResult
ReadFile
SetConsoleCtrlHandler
SetFileInformationByHandle
SetFilePointerEx
SetThreadErrorMode
GetDynamicTimeZoneInformation
GetTimeZoneInformation
WriteFile
CloseHandle
SetEvent
ResetEvent
CreateEventExW
FormatMessageW
CreateThread
ResumeThread
DuplicateHandle
GetThreadPriority
SetThreadPriority
VerSetConditionMask
GetExitCodeProcess
CreateProcessW
OpenProcess
K32EnumProcesses
GetProcessId
CreatePipe
GetCPInfoExW
GetConsoleCP
GetConsoleScreenBufferInfo
GetConsoleMode
ReadConsoleW
SetConsoleTextAttribute
WriteConsoleW
FlushProcessWriteBuffers
GetCurrentThreadId
WaitForSingleObjectEx
VirtualQuery
AddVectoredExceptionHandler
FlsAlloc
FlsGetValue
FlsSetValue
CreateEventW
TerminateProcess
SwitchToThread
SuspendThread
GetThreadContext
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
QueryInformationJobObject
GetModuleHandleExW
GetProcessAffinityMask
InitializeCriticalSectionEx
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
DebugBreak
SleepEx
GlobalMemoryStatusEx
GetTickCount
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetLargePageMinimum
VirtualUnlock
GetWriteWatch
ResetWriteWatch
VirtualAllocExNuma
IsProcessInJob
GetNumaHighestNodeNumber
K32GetProcessMemoryInfo
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
RtlUnwindEx
RtlPcToFileHeader
RaiseException
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleFileNameW
ExitProcess
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP

ole32

CoUninitialize
CoTaskMemAlloc
CoGetApartmentType
CoCreateGuid
CoTaskMemFree
CoWaitForMultipleHandles
CoInitializeEx

Exports

Exports

DotNetRuntimeDebugHeader

Sections

.text
Size: 470KB - Virtual size: 469KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.managed
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 230KB - Virtual size: 314KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 187KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

12cae415cc33d84b99721f605f8bf239

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

bcrypt

kernel32

ole32

Exports

Exports

Sections

.text Size: 470KB - Virtual size: 469KB

.managed Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 2.4MB - Virtual size: 2.4MB

.data Size: 230KB - Virtual size: 314KB

.pdata Size: 187KB - Virtual size: 187KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 125KB - Virtual size: 125KB

.text
Size: 470KB - Virtual size: 469KB

.managed
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 2.4MB - Virtual size: 2.4MB

.data
Size: 230KB - Virtual size: 314KB

.pdata
Size: 187KB - Virtual size: 187KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 125KB - Virtual size: 125KB