Cordycep-2[.]4[.]0[.]1[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Cordycep-2.4.0.1.zip
Size

1.5MB
MD5

d350547480fde01b569e0d163bf34867
SHA1

8da648320353432d4b83c66558adb8b22ad21794
SHA256

4e2bdbb2ca88d95b99e3cf527c2bdbe1d9e06b00a1f63af683562123a95d925a
SHA512

125c21c556d7863045e4be707f4e664ca09e4bab92b618e0dbdc5c14505c6c7f6fb852b6c63081dac61798eb0ac7446744449ed80048e82ad8c974dc5ce2b1ca
SSDEEP

24576:d3EkFesEISIKdsb00OB6B5ghwE8t7y0Wf8H2bDJuO8T+2Cp2oMS34p3S2at5pVmE:RisEISvib00OB6PewEUtWLgNTPk8262D

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Cordycep.CLI.exe
unpack001/Data/Deps/Scylla_x64.dll

Files

Cordycep-2.4.0.1.zip
.zip
Cordycep.CLI.exe
.exe windows:6 windows x64 arch:x64

fb0feeb055f1b912793694a088034f07

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

F:\UGit\Cordycep_Final\src\x64\Release\Cordycep.CLI.pdb

Imports

kernel32

CreateFileA
CloseHandle
K32GetModuleInformation
GetCurrentProcessId
GetConsoleWindow
IsDebuggerPresent
SetUnhandledExceptionFilter
SetFilePointerEx
ReadFile
FindFirstFileA
FindNextFileA
FindClose
GetLastError
OpenProcess
CreateToolhelp32Snapshot
Module32First
ReadProcessMemory
Thread32First
Thread32Next
Process32First
Process32Next
OpenThread
TerminateThread
MultiByteToWideChar
LoadLibraryA
FreeLibrary
GetProcAddress
CreateProcessA
WaitForDebugEvent
K32GetModuleFileNameExA
ContinueDebugEvent
GetPriorityClass
SetPriorityClass
GetFileAttributesA
WriteFile
GetFileSizeEx
VirtualProtect
FlushInstructionCache
GetCurrentThread
GetModuleFileNameA
GetStdHandle
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetLastError
CreateDirectoryA
SetFilePointer
SetEndOfFile
UnmapViewOfFile
CreateFileMappingA
GetFileSize
MapViewOfFile
GetFileTime
WriteConsoleW
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
GetModuleHandleExA
GetCurrentThreadId
DebugActiveProcessStop
GetCurrentProcess
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapSize
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
VirtualAlloc
VirtualFree
VirtualQuery
GetModuleHandleW
LoadLibraryExW
FormatMessageA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
WideCharToMultiByte
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
SetFileInformationByHandle
AreFileApisANSI
DeviceIoControl
CopyFileW
GetFileInformationByHandleEx
CreateSymbolicLinkW
LocalFree
GetLocaleInfoEx
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetStringTypeW
GetCPInfo
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetCommandLineA
GetCommandLineW
HeapAlloc
GetTimeZoneInformation
HeapFree
GetFileType
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
RtlUnwind

user32

MoveWindow
MessageBoxA
GetWindowRect

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

ws2_32

closesocket
socket
connect
recv
WSAGetLastError
WSAStartup
getaddrinfo
send

dbghelp

ImageNtHeader
MiniDumpWriteDump

Sections

.text
Size: 833KB - Virtual size: 833KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 292KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Data/Aliases/ModernWarfareAliases.json
Data/Aliases/ModernWarfareRemasteredAliases.json
Data/Aliases/VanguardAliases.json
Data/Configs/CoDIWHandler.toml
Data/Configs/CoDMW4Handler.toml
Data/Configs/CoDMW5Handler.toml
Data/Configs/CoDMW5HandlerSP.toml
Data/Configs/CoDMW6Handler.toml
Data/Configs/CoDMW6HandlerSP.toml
Data/Configs/CoDVGHandler.toml
Data/Deps/Scylla_x64.dll
.dll windows:5 windows x64 arch:x64

a4b192fb7f7c9235dafc61f7c2ce1c63

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

FindResourceW
LoadResource
SetUnhandledExceptionFilter
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
SizeofResource
LeaveCriticalSection
lstrlenW
SetLastError
EnterCriticalSection
lstrcmpiW
DeleteCriticalSection
GetCurrentThreadId
GetVersion
WriteFile
SetFilePointer
SetEndOfFile
ReadFile
FindFirstFileW
FindClose
FindNextFileW
CopyFileW
ReadProcessMemory
GetFileSizeEx
VirtualProtectEx
WideCharToMultiByte
GetVersionExW
GetSystemInfo
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
GetFileType
SetHandleCount
HeapReAlloc
GetLastError
GetStdHandle
HeapDestroy
HeapCreate
HeapSetInformation
GetStringTypeW
ExitProcess
HeapSize
Sleep
FlsAlloc
FlsFree
FlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
RtlPcToFileHeader
RtlUnwindEx
RtlLookupFunctionEntry
GetCommandLineA
FlsSetValue
DecodePointer
EncodePointer
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
GetProcessHeap
HeapAlloc
HeapFree
InterlockedPushEntrySList
lstrlenA
CreateFileW
MultiByteToWideChar
CreateFileMappingW
MapViewOfFile
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
WriteConsoleW
ResumeThread
WriteProcessMemory
CloseHandle
GetExitCodeThread
VirtualAllocEx
SetThreadPriority
LoadLibraryW
VirtualFreeEx
CreateRemoteThread
WaitForSingleObject
FreeLibrary
GlobalFree
RaiseException
FlushInstructionCache
GlobalUnlock
MulDiv
GlobalAlloc
GlobalLock
GetCurrentProcess
QueryDosDeviceW
GetPrivateProfileIntW
WritePrivateProfileStringW
GetModuleFileNameW
GetPrivateProfileStringW
GetModuleHandleA
LoadLibraryA
GetProcAddress
VirtualQueryEx
GetModuleHandleW
LCMapStringW
UnmapViewOfFile

user32

LoadIconW
DragDetect
IsDialogMessageW
GetMenu
IntersectRect
InflateRect
GetKeyState
EnableMenuItem
GetSysColor
GetActiveWindow
AdjustWindowRectEx
SetCapture
PostQuitMessage
ScreenToClient
LoadAcceleratorsW
AppendMenuW
DialogBoxParamW
ReleaseCapture
EnableWindow
GetMessagePos
DestroyAcceleratorTable
GetMessageW
TranslateAcceleratorW
GetWindowTextLengthW
SetDlgItemTextW
ReleaseDC
CharNextW
TranslateMessage
PeekMessageW
CreateDialogParamW
DispatchMessageW
UpdateWindow
LoadImageW
GetDC
GetDesktopWindow
DestroyIcon
SetFocus
ClientToScreen
CloseClipboard
MonitorFromPoint
TrackPopupMenu
GetSubMenu
IsClipboardFormatAvailable
MessageBeep
GetWindowLongPtrW
InvalidateRect
LoadMenuW
GetClipboardData
GetWindowTextW
EmptyClipboard
SetWindowLongW
RedrawWindow
ShowWindow
IsWindow
OpenClipboard
MessageBoxW
IsWindowVisible
SetWindowLongPtrW
SetClipboardData
DestroyMenu
GetDlgCtrlID
CallWindowProcW
DefWindowProcW
DestroyWindow
GetWindowRect
GetParent
GetClientRect
GetWindowLongW
MonitorFromWindow
GetDlgItem
EndDialog
SetWindowPos
CreateWindowExW
SendMessageW
MapWindowPoints
SetWindowTextW
GetMonitorInfoW
GetWindow
CreatePopupMenu
UnregisterClassA

gdi32

GetObjectW
DeleteObject
CreateFontIndirectW
GetDeviceCaps
GetClipBox
CreatePatternBrush
CreateRectRgn
CombineRgn
CreateRectRgnIndirect
SelectClipRgn
SelectObject
CreateBitmap
PatBlt

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW

shell32

ShellExecuteW

ole32

CoInitialize
CoTaskMemRealloc
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc

oleaut32

VarUI4FromStr

shlwapi

PathAppendW
PathRemoveFileSpecW

comctl32

ImageList_ReplaceIcon
ImageList_Create
InitCommonControlsEx
ImageList_Destroy

psapi

GetModuleFileNameExW
GetMappedFileNameW
EnumProcessModules
GetProcessImageFileNameW

imagehlp

CheckSumMappedFile

Exports

Exports

ScyllaDumpCurrentProcessA
ScyllaDumpCurrentProcessW
ScyllaDumpProcessA
ScyllaDumpProcessW
ScyllaIatFixAutoW
ScyllaIatSearch
ScyllaRebuildFileA
ScyllaRebuildFileW
ScyllaStartGui
ScyllaVersionInformationA
ScyllaVersionInformationDword
ScyllaVersionInformationW

Sections

.text
Size: 311KB - Virtual size: 311KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LICENSE.md
OSSLicenses/LICENSE-CascLib.md
OSSLicenses/LICENSE-Detours.md
OSSLicenses/LICENSE-LZ4.md
OSSLicenses/LICENSE-Nlohmann-Json.md
OSSLicenses/LICENSE-Tomlplusplus.md
OSSLicenses/LICENSE-XXHash.md
OSSLicenses/LICENSE-ZLIB.md
Run/RunAW.bat
Run/RunIW.bat
Run/RunMW2CR.bat
Run/RunMW4.bat
Run/RunMW5.bat
Run/RunMW5SP.bat
Run/RunMW6.bat
Run/RunMW6SP.bat
Run/RunMWR.bat
Run/RunVG.bat

Sharing

General

Malware Config

Signatures

Files

fb0feeb055f1b912793694a088034f07

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ws2_32

dbghelp

Sections

.text Size: 833KB - Virtual size: 833KB

.rdata Size: 292KB - Virtual size: 292KB

.data Size: 19KB - Virtual size: 50KB

.pdata Size: 37KB - Virtual size: 37KB

.detourc Size: 8KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 143KB - Virtual size: 143KB

.reloc Size: 7KB - Virtual size: 6KB

a4b192fb7f7c9235dafc61f7c2ce1c63

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

psapi

imagehlp

Exports

Exports

Sections

.text Size: 311KB - Virtual size: 311KB

.rdata Size: 96KB - Virtual size: 96KB

.data Size: 39KB - Virtual size: 98KB

.pdata Size: 17KB - Virtual size: 17KB

.rsrc Size: 38KB - Virtual size: 38KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 833KB - Virtual size: 833KB

.rdata
Size: 292KB - Virtual size: 292KB

.data
Size: 19KB - Virtual size: 50KB

.pdata
Size: 37KB - Virtual size: 37KB

.detourc
Size: 8KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 143KB - Virtual size: 143KB

.reloc
Size: 7KB - Virtual size: 6KB

.text
Size: 311KB - Virtual size: 311KB

.rdata
Size: 96KB - Virtual size: 96KB

.data
Size: 39KB - Virtual size: 98KB

.pdata
Size: 17KB - Virtual size: 17KB

.rsrc
Size: 38KB - Virtual size: 38KB

.reloc
Size: 3KB - Virtual size: 3KB