Release[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Release.zip
Size

2.2MB
MD5

8eb8689953b50ed87194e2501e8bacce
SHA1

0b3ffefe623bb1330f7e4d7dad553f6c1d2fae25
SHA256

21848b3990f941028498dbde1b501b6b45adc21a09291453972ed278661eb514
SHA512

03de0a0f12531d83e99dd1d47a8834613aec801b2eba512ef46e2dd7a03fb4564f8ec9eff75f9dd4a6f3aa200de326ae67fedc3fccb3197f8c7d71e13c0985e1
SSDEEP

49152:gzrYVxHrIqvhEoSRlic9IfWhhNWcUic9+JJ7KLG3VYic9Jv0W4Lg:goVxUqpMsc9kUEchc9GJ7KLGvc9Rl4k

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Release/Builds/Core Build.exe
unpack001/Release/Builds/OwlFetch.exe
unpack001/Release/Configurator.exe
unpack001/Release/Loader.exe
unpack001/Release/Temp/Resources/ZenConekt.dll
unpack001/Release/UseSafeLoader.exe

Files

Release.zip
.zip
Release/Builds/Core Build.exe
.exe windows:5 windows x64 arch:x64

48e414e431433a62713440d22abb8343

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

wsock32

gethostbyname

winmm

mixerOpen

version

VerQueryValueW

comctl32

ImageList_Create

psapi

GetModuleBaseNameW

wininet

InternetOpenW

user32

GetDC

gdi32

BitBlt

comdlg32

GetSaveFileNameW

advapi32

RegCloseKey

shell32

DragFinish

ole32

CoGetObject

oleaut32

SafeArrayGetLBound

Sections

.MPRESS1
Size: 410KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Release/Builds/OwlFetch.exe
.exe windows:5 windows x64 arch:x64

48e414e431433a62713440d22abb8343

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

wsock32

gethostbyname

winmm

mixerOpen

version

VerQueryValueW

comctl32

ImageList_Create

psapi

GetModuleBaseNameW

wininet

InternetOpenW

user32

GetDC

gdi32

BitBlt

comdlg32

GetSaveFileNameW

advapi32

RegCloseKey

shell32

DragFinish

ole32

CoGetObject

oleaut32

SafeArrayGetLBound

Sections

.MPRESS1
Size: 410KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Release/Configurator.exe
.exe windows:5 windows x64 arch:x64

48e414e431433a62713440d22abb8343

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

wsock32

gethostbyname

winmm

mixerOpen

version

VerQueryValueW

comctl32

ImageList_Create

psapi

GetModuleBaseNameW

wininet

InternetOpenW

user32

GetDC

gdi32

BitBlt

comdlg32

GetSaveFileNameW

advapi32

RegCloseKey

shell32

DragFinish

ole32

CoGetObject

oleaut32

SafeArrayGetLBound

Sections

.MPRESS1
Size: 409KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Release/Credits.txt
Release/Loader.exe
.exe windows:5 windows x64 arch:x64

48e414e431433a62713440d22abb8343

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

wsock32

gethostbyname

winmm

mixerOpen

version

VerQueryValueW

comctl32

ImageList_Create

psapi

GetModuleBaseNameW

wininet

InternetOpenW

user32

GetDC

gdi32

BitBlt

comdlg32

GetSaveFileNameW

advapi32

RegCloseKey

shell32

DragFinish

ole32

CoGetObject

oleaut32

SafeArrayGetLBound

Sections

.MPRESS1
Size: 409KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Release/Readme b4 Extract.txt
Release/Temp/Resources/Beep.mp3
Release/Temp/Resources/CFG.ini
Release/Temp/Resources/PreZen.bin
Release/Temp/Resources/Self_sanity.txt
Release/Temp/Resources/ZenConekt.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\zys\source\repos\ZenConekt\ZenConekt\obj\Debug\netstandard2.0\ZenConekt.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Release/UseSafeLoader.exe
.exe windows:5 windows x64 arch:x64

48e414e431433a62713440d22abb8343

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

wsock32

gethostbyname

winmm

mixerOpen

version

VerQueryValueW

comctl32

ImageList_Create

psapi

GetModuleBaseNameW

wininet

InternetOpenW

user32

GetDC

gdi32

BitBlt

comdlg32

GetSaveFileNameW

advapi32

RegCloseKey

shell32

DragFinish

ole32

CoGetObject

oleaut32

SafeArrayGetLBound

Sections

.MPRESS1
Size: 410KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

48e414e431433a62713440d22abb8343

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

wsock32

winmm

version

comctl32

psapi

wininet

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.MPRESS1 Size: 410KB - Virtual size: 1.1MB

.MPRESS2 Size: 4KB - Virtual size: 3KB

.rsrc Size: 11KB - Virtual size: 10KB

48e414e431433a62713440d22abb8343

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

wsock32

winmm

version

comctl32

psapi

wininet

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.MPRESS1 Size: 410KB - Virtual size: 1.1MB

.MPRESS2 Size: 4KB - Virtual size: 3KB

.rsrc Size: 31KB - Virtual size: 30KB

48e414e431433a62713440d22abb8343

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

wsock32

winmm

version

comctl32

psapi

wininet

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.MPRESS1 Size: 409KB - Virtual size: 1.2MB

.MPRESS2 Size: 4KB - Virtual size: 3KB

.rsrc Size: 120KB - Virtual size: 119KB

48e414e431433a62713440d22abb8343

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

.MPRESS1
Size: 410KB - Virtual size: 1.1MB

.MPRESS2
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 11KB - Virtual size: 10KB

.MPRESS1
Size: 410KB - Virtual size: 1.1MB

.MPRESS2
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 31KB - Virtual size: 30KB

.MPRESS1
Size: 409KB - Virtual size: 1.2MB

.MPRESS2
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 120KB - Virtual size: 119KB

.MPRESS1
Size: 409KB - Virtual size: 1.3MB

.MPRESS2
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 183KB - Virtual size: 183KB

.text
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 796B

.reloc
Size: 512B - Virtual size: 12B

.MPRESS1
Size: 410KB - Virtual size: 1.3MB

.MPRESS2
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 183KB - Virtual size: 183KB