New folder[.]zip

Resubmissions

15/05/2024, 22:39

240515-2lf1raga52 3

15/05/2024, 22:36

240515-2jn9cafe9v 3

15/05/2024, 22:34

240515-2hjbpsfe31 3

Sharing

Copy URL Twitter E-mail

General

Target

New folder.zip
Size

12KB
MD5

5e3eb0fe4f607f24a5feb0eebab99872
SHA1

47722714bdb785fdcc8fe8c0ff1b8edce1ce4e03
SHA256

4ed59efd7af446319163065bc318e8a26dffbcfee13534a904ed5cbea91a603a
SHA512

b452331fa063d354c64964e85c612d2f0001336b1cd970b01c008c8dd6e88a78d7042f44c417350fc30a562a4050fc1cd396f9bdbb1f811f2820618cb89af988
SSDEEP

192:qgb4RZT6IXJySNwB8A/9oDTROQLHx8j9Y38HQAbrfMS5SxTd9HMhT/U59A7Ev:hY6eE8u9oDT80QDfqTdddB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/New folder/PillKing.exe

Files

New folder.zip
.zip
New folder/PillKing.exe
.exe windows:6 windows x64 arch:x64

a9563ca2ee659a9314820bead4ec962b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

Imports

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free
malloc

api-ms-win-crt-private-l1-1-0

__C_specific_handler
memcpy

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
__p___wargv
__p__wcmdln
_cexit
_configure_narrow_argv
_configure_wide_argv
_crt_at_quick_exit
_crt_atexit
_initialize_narrow_environment
_initialize_wide_environment
_initterm
_set_app_type
_set_invalid_parameter_handler
abort
exit
signal

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__commode
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfwprintf
__stdio_common_vswprintf
fwrite

api-ms-win-crt-string-l1-1-0

_wcsdup
memset
strlen
strncmp
wcslen

user32

MessageBoxW

kernel32

DeleteCriticalSection
EnterCriticalSection
GetLastError
GetProcAddress
GetStartupInfoW
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryW
SetDllDirectoryW
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VerSetConditionMask
VerifyVersionInfoW
VirtualProtect
VirtualQuery

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-environment-l1-1-0

__p__environ
__p__wenviron

api-ms-win-crt-time-l1-1-0

__daylight
__timezone
__tzname
_tzset

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
New folder/PillKing.py
.py .sh linux
New folder/PillKing.sh
.sh linux

Resubmissions

Sharing

General

Malware Config

Signatures

Files

a9563ca2ee659a9314820bead4ec962b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

user32

kernel32

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-time-l1-1-0

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 4KB - Virtual size: 4KB

.buildid Size: 512B - Virtual size: 53B

.data Size: 512B - Virtual size: 444B

.pdata Size: 512B - Virtual size: 396B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 17KB - Virtual size: 16KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 4KB - Virtual size: 4KB

.buildid
Size: 512B - Virtual size: 53B

.data
Size: 512B - Virtual size: 444B

.pdata
Size: 512B - Virtual size: 396B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 17KB - Virtual size: 16KB