Shade[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Shade.zip
Size

905KB
MD5

d2692ae162eaa709fc51d353584f07f0
SHA1

5a7ab325fd4662483a74e020249ab73f3557970f
SHA256

23aa29c51dfaab97c07c2b1f9e61c9aabd1a8db97750ec1864b42cd2184710be
SHA512

98a6b721b976320add77c4f2671c052dae38b36b420c23b60572d569ecad173a9ac0e616f6438b94d030ec64309f869bee6d8cfb786bff737802275003fbedb0
SSDEEP

24576:5/Y3yTr4rFBZQ6ywN/9b5wYzaoXoUTBy8uUUSH:bCZ/Z9bpzL4Uly8TH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/inf.exe

Files

Shade.zip
.zip
inf.exe
.exe windows:5 windows x86 arch:x86

dc8730fd7ae2a648fc7266ee1e825793

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatA
GetDateFormatW
GetDefaultCommConfigW
GetEnvironmentStrings
GetEnvironmentStringsW
GetExitCodeProcess
GetFileAttributesExW
GetFileAttributesW
GetFileType
GetLastError
GetLocaleInfoA
GetLocaleInfoW
GetLogicalDrives
GetModuleFileNameA
GetModuleFileNameW
GetOEMCP
GetOverlappedResult
GetPrivateProfileStringA
GetProcessHeap
GetProcessTimes
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
GetTimeFormatA
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetVersionExA
GetVersionExW
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
InterlockedDecrement
GetConsoleCP
InterlockedIncrement
IsDebuggerPresent
IsValidCodePage
IsValidLocale
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryW
LocalAlloc
LocalFree
MoveFileW
MultiByteToWideChar
OpenProcess
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleW
ReadFile
RemoveDirectoryW
ResetEvent
RtlUnwind
SearchPathW
SetConsoleCtrlHandler
SetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableA
SetEvent
SetFilePointer
SetHandleCount
SetHandleInformation
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
Sleep
SystemTimeToTzSpecificLocalTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualFree
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteConsoleW
WriteFile
WritePrivateProfileSectionA
GetComputerNameW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetACP
FreeLibrary
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FreeConsole
FormatMessageW
FlushFileBuffers
FindNextFileW
FindFirstFileW
FindClose
FileTimeToSystemTime
FatalAppExitA
ExpandEnvironmentStringsW
ExitProcess
EnumSystemLocalesA
EnterCriticalSection
DuplicateHandle
DeleteFileW
DeleteCriticalSection
CreateSemaphoreW
CreateProcessW
CreateFileW
CreateFileA
CreateEventW
CreateDirectoryW
CompareStringW
CompareStringA
CloseHandle
CancelIo
BackupRead
AllocConsole
GetModuleHandleA
LoadLibraryA
GetProcAddress
InterlockedExchange
VirtualAlloc

user32

LoadCursorW
PeekMessageW
MsgWaitForMultipleObjects
CharNextW

advapi32

SetSecurityDescriptorDacl
SetEntriesInAclW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
OpenProcessToken
MakeSelfRelativeSD
MakeAbsoluteSD
LookupAccountSidW
LookupAccountNameW
IsValidSid
InitializeSecurityDescriptor
InitializeAcl
GetTokenInformation
GetSidIdentifierAuthority
GetSecurityInfo
GetSecurityDescriptorLength
GetSecurityDescriptorControl
GetLengthSid
GetAclInformation
FreeSid
EqualSid
CreateProcessAsUserW
CopySid
AllocateAndInitializeSid
RegOpenKeyA
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorSacl
SetSecurityInfo
SetNamedSecurityInfoW

shell32

SHGetDiskFreeSpaceA
CheckEscapesW
DragQueryFile
SHEmptyRecycleBinW
SHFileOperationW
ShellExecuteW
ShellExecuteEx
SHQueryRecycleBinA
SHLoadNonloadedIconOverlayIdentifiers
SHInvokePrinterCommandA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
SHGetDiskFreeSpaceExW

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance

shlwapi

StrCmpNIW
StrRChrA
StrStrA
StrCmpNIA

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 807KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc8730fd7ae2a648fc7266ee1e825793

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 27KB - Virtual size: 807KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 27KB - Virtual size: 807KB