Static task
static1
General
Target
Zoka Swapped.exe
Size
12.1MB
MD5
e442742445c493bdbde9c8d07cae2653
SHA1
1f0b0009db7a6673d52585ba5730e1cad0d6db9f
SHA256
58b4ed9a4e7429b667bdf0e08f9c05eb076edda90c795c67aa9b5233f917dfd6
SHA512
09d57dad35355bb3ddc6c5a32936e632b35f847a3509f5957dc0a53b5699f4161cd7202a915f0e5aae7d59cdd9c7819ee922dc72c919e9ec3c0e747a8d234446
SSDEEP
196608:wFruudSIPu9VNxPOR+VEsoktK7U4q8e+1bNYy7Qj7dklxnOw:wzdZPskoGIwpl86xn
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature.
resource Zoka Swapped.exe
Files
Zoka Swapped.exe.exe windows:6 windows x64 arch:x64
a7d2b30bef0316d07c5e2dd55b312b02
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
advapi32
CryptEncrypt
CryptReleaseContext
CryptGenRandom
GetUserNameA
GetTokenInformation
GetLengthSid
OpenProcessToken
IsValidSid
CopySid
ConvertSidToStringSidA
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptAcquireContextA
crypt32
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertOpenStore
CertCloseStore
kernel32
HeapDestroy
DeleteCriticalSection
GetProcessHeap
WinExec
LocalFree
SetLastError
FormatMessageA
EnterCriticalSection
LeaveCriticalSection
SleepEx
VerSetConditionMask
QueryPerformanceFrequency
GetSystemDirectoryA
VerifyVersionInfoA
QueryPerformanceCounter
GetTickCount
MoveFileExA
WaitForSingleObjectEx
MultiByteToWideChar
GetEnvironmentVariableA
GetFileType
PeekNamedPipe
WaitForMultipleObjects
CreateThread
GetFileSizeEx
WideCharToMultiByte
InitOnceBeginInitialize
InitOnceComplete
CreateToolhelp32Snapshot
HeapAlloc
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
HeapFree
GetModuleFileNameA
GetConsoleWindow
SetConsoleTitleA
SetConsoleMode
GetConsoleMode
LoadLibraryW
LoadLibraryA
LoadLibraryExA
GetProcAddress
GetModuleHandleA
FreeLibrary
VirtualFree
VirtualProtect
VirtualAlloc
GetWindowsDirectoryW
OpenProcess
Process32Next
CreateFileA
FindClose
FindFirstFileW
GetFileAttributesExW
AreFileApisANSI
GetModuleHandleW
GetFileInformationByHandleEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
Process32First
GetCurrentProcess
Sleep
WaitForSingleObject
GetLastError
Beep
IsDebuggerPresent
WriteFile
ReadFile
DeleteFileW
GetStdHandle
DeviceIoControl
CloseHandle
CreateFileW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
GetLocaleInfoEx
msvcp140
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?do_encoding@?$codecvt@_SDU_Mbstatet@@@std@@MEBAHXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?__ExceptionPtrCreate@@YAXPEAX@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
_Mtx_init_in_situ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
_Mtx_lock
_Mtx_unlock
_Cnd_init_in_situ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
_Cnd_wait
_Cnd_broadcast
_Cnd_register_at_thread_exit
_Cnd_unregister_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Xbad_function_call@std@@YAXXZ
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
??0?$_Yarn@D@std@@QEAA@XZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?id@?$ctype@D@std@@2V0locale@2@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?uncaught_exception@std@@YA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?__ExceptionPtrDestroy@@YAXPEAX@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
normaliz
IdnToAscii
psapi
GetModuleInformation
shell32
ShellExecuteW
ShellExecuteA
user32
UnhookWindowsHookEx
MessageBoxA
GetWindowThreadProcessId
EnumWindows
IsWindowVisible
GetWindow
PostThreadMessageA
SetWindowsHookExA
userenv
UnloadUserProfile
vcruntime140
__current_exception
memchr
strstr
strrchr
strchr
__C_specific_handler
memcmp
_purecall
__std_terminate
memset
memcpy
memcpy
__std_exception_destroy
__std_exception_copy
__current_exception_context
_CxxThrowException
vcruntime140_1
__CxxFrameHandler4
wldap32
ldap_bind_sA
ldap_next_entry
ldap_initA
ldap_unbind_s
ldap_sslinitA
ldap_search_sA
ldap_msgfree
ldap_err2stringA
ldap_set_optionA
ldap_first_entry
ldap_simple_bind_sA
ldap_first_attributeA
ldap_next_attributeA
ldap_get_values_lenA
ldap_value_freeW
ldap_memfreeA
ber_free
ldap_get_dnA
ws2_32
getaddrinfo
closesocket
recv
send
WSAGetLastError
bind
connect
getpeername
__WSAFDIsSet
ioctlsocket
getsockname
listen
getsockopt
htons
FreeAddrInfoW
recvfrom
sendto
htons
htonl
setsockopt
socket
WSASetLastError
select
gethostname
WSAIoctl
WSAStartup
htonl
accept
WSACleanup
ucrtbase
strtoul
atoi
strtol
_strtoui64
_strtoi64
strtod
_fstat64
_access
remove
_unlink
_unlock_file
_lock_file
_stat64
_set_new_mode
realloc
malloc
calloc
_callnewh
free
localeconv
___lc_codepage_func
_configthreadlocale
__setusermatherr
_dclass
abort
system
_getpid
_beginthreadex
_invalid_parameter_noinfo_noreturn
_configure_narrow_argv
_errno
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
terminate
_resetstkoflw
_seh_filter_exe
_set_app_type
_invalid_parameter_noinfo
_get_initial_narrow_environment
_initterm
_initterm_e
_Exit
exit
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
strerror
_initialize_narrow_environment
__sys_nerr
_set_fmode
_read
_write
_close
_open
__p__commode
fputs
fgetpos
fputc
fread
fsetpos
_fseeki64
fwrite
setvbuf
ungetc
_lseeki64
fflush
fclose
_get_stream_buffer_pointers
__acrt_iob_func
__stdio_common_vfprintf
_pclose
fgets
__stdio_common_vsprintf
ftell
fseek
feof
_popen
__stdio_common_vsscanf
fgetc
fopen
_stricmp
strncpy
strncmp
tolower
strpbrk
isupper
strspn
strcspn
strcmp
strcpy_s
_mbsdup
_time64
_gmtime64
rand
qsort
ntdll
RtlLookupFunctionEntry
RtlCaptureContext
RtlImageNtHeader
RtlVirtualUnwind
Sections
.text Size: 483KB - Virtual size: 484KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 110KB - Virtual size: 120KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 281KB - Virtual size: 288KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 21KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.idata Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.winlice Size: 7.0MB - Virtual size: 7.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 4.2MB - Virtual size: 4.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 4KB
IMAGE_SCN_MEM_READ
.SCY Size: 14KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE