Win64[.]Trojan[.]GreenBug[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Win64.Trojan.GreenBug.zip
Size

383KB
MD5

9ed25c4a6ae99f9eb28fd3c654109006
SHA1

1177f44b7dd14c54ae17b921917e0123189c9c09
SHA256

141e8f924ab11d38249ae1d3a3e09c53a1a247b20dae8bde821fceebe1a2e37a
SHA512

15844aa55807e3f683cacbcbc070e046c40fe82e6956158025ed2f3da778d2d3fa61dea33bb3c763b8f45ae41c57b3606806fe8dc1c7a956e21be899ba7490d4
SSDEEP

6144:fGuzlkFn01IqQ5YFJDvkXWoRIdE2A3w1PnWKGxCZvtI/YIvWg0O2DAummGgH:fvzlkZk8RBrgWDQdty5IVPmGH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Win64.Trojan.GreenBug

Files

Win64.Trojan.GreenBug.zip
.zip

Password: infected
Win64.Trojan.GreenBug
.exe windows:5 windows x64 arch:x64

4595293a8ae1f65a64130a9605dc76c7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

DecodePointer
CreateThread
SetEvent
WaitForSingleObject
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
Sleep
CreateTimerQueue
CreateEventW
CreateTimerQueueTimer
DeleteTimerQueueTimer
DeleteTimerQueue
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32NextW
SetConsoleCtrlHandler
SetErrorMode
SetUnhandledExceptionFilter
CreateFileA
SetFilePointer
ReadFile
SystemTimeToFileTime
GetCurrentDirectoryW
MultiByteToWideChar
LocalFileTimeToFileTime
GetFileAttributesW
CreateDirectoryW
CreateFileW
WriteFile
SetFileTime
CloseHandle
FindFirstFileW
GetModuleFileNameW
CreateProcessW
GetConsoleWindow
FindNextFileW
FindClose
OpenProcess
TerminateProcess
GetFileAttributesA
GetWindowsDirectoryW
GetCurrentProcess
GetSystemInfo
FileTimeToSystemTime
GetFileInformationByHandle
GetFileSize
UnmapViewOfFile
GetLocalTime
GetTickCount
SetEndOfFile
LoadLibraryW
ReadConsoleW
WriteConsoleW
SetStdHandle
GetTimeZoneInformation
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
DeleteFileW
WideCharToMultiByte
InitializeSListHead
ReleaseSemaphore
DuplicateHandle
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
OutputDebugStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
FlushFileBuffers
SetFilePointerEx
GetFileType
MoveFileExW
LoadLibraryExW
FreeLibrary
GetStdHandle
GetCurrentThread
GetOEMCP
GetACP
IsValidCodePage
GetConsoleMode
SetEnvironmentVariableA
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
CreateSemaphoreW
GetStartupInfoW
SetLastError
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetCurrentThreadId
GetStringTypeW
EncodePointer
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
GetProcAddress
AreFileApisANSI
GetCPInfo
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
WaitForSingleObjectEx
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetLogicalProcessorInformation
ChangeTimerQueueTimer
GetModuleHandleW
GetNumaHighestNodeNumber
GetProcessAffinityMask

user32

TranslateMessage
GetSystemMetrics
GetDC
LoadAcceleratorsW
TranslateAcceleratorW
wsprintfW
ReleaseDC
DispatchMessageW
GetDesktopWindow
GetMessageW

gdi32

BitBlt
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW

ole32

CoCreateGuid
StringFromGUID2

gdiplus

GdipDisposeImage
GdipSaveImageToFile
GdiplusShutdown
GdipAlloc
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdipFree

ws2_32

recv
inet_addr
htons
socket
WSAStartup
WSACleanup
closesocket
select
sendto

psapi

GetProcessMemoryInfo
QueryWorkingSet

Sections

.text
Size: 644KB - Virtual size: 644KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

4595293a8ae1f65a64130a9605dc76c7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

gdiplus

ws2_32

psapi

Sections

.text Size: 644KB - Virtual size: 644KB

.rdata Size: 212KB - Virtual size: 212KB

.data Size: 32KB - Virtual size: 32KB

.pdata Size: 32KB - Virtual size: 32KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 644KB - Virtual size: 644KB

.rdata
Size: 212KB - Virtual size: 212KB

.data
Size: 32KB - Virtual size: 32KB

.pdata
Size: 32KB - Virtual size: 32KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 8KB - Virtual size: 8KB