ezyZip[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ezyZip.zip
Size

3.1MB
MD5

9349188894ecbc9de28ff89adaabc6f1
SHA1

3c8162be8bc55c0e349c5c98aac275eb2df7e815
SHA256

b482af5ec904ef3b5b5f77141743cd4d2bb634d71217f3848bff44273edadc3b
SHA512

5a7d12d3bd19b42255c9d16174cbdf94dc4263e2270c9c2bae54508a207fbc63744c9cece43c235719d6ebb487b4c9627a59255925afe261dd0e2f8ee5bd41c9
SSDEEP

98304:aRxu1R7T/hxTlD1W8NdUuovGj3l3C684B1O5:WxKR7T/HT+8nn713N8S1O5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/FiveM Executsion/x64/Release/Cidia FiveM Manager.dll

Files

ezyZip.zip
.zip
FiveM Executsion/Cidia FiveM Manager.sln
FiveM Executsion/Cidia FiveM Manager/Cidia FiveM Manager.vcxproj
.xml
FiveM Executsion/Cidia FiveM Manager/Cidia FiveM Manager.vcxproj.filters
FiveM Executsion/Cidia FiveM Manager/Cidia FiveM Manager.vcxproj.user
FiveM Executsion/Cidia FiveM Manager/LuaScriptRuntime.h
FiveM Executsion/Cidia FiveM Manager/dllmain.cpp
FiveM Executsion/Cidia FiveM Manager/framework.h
FiveM Executsion/Cidia FiveM Manager/pch.cpp
FiveM Executsion/Cidia FiveM Manager/pch.h
FiveM Executsion/Cidia FiveM Manager/x64/Release/Cidia Fi.7757a2d5.tlog/CL.command.1.tlog
FiveM Executsion/Cidia FiveM Manager/x64/Release/Cidia Fi.7757a2d5.tlog/CL.read.1.tlog
FiveM Executsion/Cidia FiveM Manager/x64/Release/Cidia Fi.7757a2d5.tlog/CL.write.1.tlog
FiveM Executsion/Cidia FiveM Manager/x64/Release/Cidia Fi.7757a2d5.tlog/Cidia FiveM Manager.lastbuildstate
FiveM Executsion/Cidia FiveM Manager/x64/Release/Cidia Fi.7757a2d5.tlog/Cl.items.tlog
FiveM Executsion/Cidia FiveM Manager/x64/Release/Cidia Fi.7757a2d5.tlog/link.command.1.tlog
FiveM Executsion/Cidia FiveM Manager/x64/Release/Cidia Fi.7757a2d5.tlog/link.read.1.tlog
FiveM Executsion/Cidia FiveM Manager/x64/Release/Cidia Fi.7757a2d5.tlog/link.write.1.tlog
FiveM Executsion/Cidia FiveM Manager/x64/Release/Cidia FiveM Manager.dll.recipe
FiveM Executsion/Cidia FiveM Manager/x64/Release/Cidia FiveM Manager.iobj
FiveM Executsion/Cidia FiveM Manager/x64/Release/Cidia FiveM Manager.ipdb
FiveM Executsion/Cidia FiveM Manager/x64/Release/Cidia FiveM Manager.log
FiveM Executsion/Cidia FiveM Manager/x64/Release/Cidia FiveM Manager.pch
FiveM Executsion/Cidia FiveM Manager/x64/Release/dllmain.obj
FiveM Executsion/Cidia FiveM Manager/x64/Release/g_manager.obj
FiveM Executsion/Cidia FiveM Manager/x64/Release/pch.obj
FiveM Executsion/Cidia FiveM Manager/x64/Release/vc143.pdb
FiveM Executsion/x64/Release/Cidia FiveM Manager.dll
.dll windows:6 windows x64 arch:x64

3523a29a4ae8e4397fa171912988f2c2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Stein\source\repos\Cidia FiveM Manager\x64\Release\Cidia FiveM Manager.pdb

Imports

kernel32

CreateThread
GetModuleHandleW
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
RtlCaptureContext

user32

MessageBoxA

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_CxxThrowException
__C_specific_handler
__std_exception_destroy
memcpy
memmove
memchr
__std_type_info_destroy_list
__std_exception_copy
memset

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_execute_onexit_table
_cexit
_initterm_e
_initterm
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table
_configure_narrow_argv
_seh_filter_dll

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FiveM Executsion/x64/Release/Cidia FiveM Manager.pdb

Sharing

General

Malware Config

Signatures

Files

3523a29a4ae8e4397fa171912988f2c2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 1024B - Virtual size: 852B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 512B - Virtual size: 104B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 1024B - Virtual size: 852B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 512B - Virtual size: 104B