Zoka_Premium[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Zoka_Premium.exe
Size

13.2MB
MD5

98bacaf4133c9b00d4f84bfc4ae8eecd
SHA1

29d668c06dcf1b03be9c29039b41853fd164c8f6
SHA256

357b7b31ebafb438f27e9117b9385d5423f69c6704416adb9bfafd9b0822c42d
SHA512

6f221e477ceed21bfbbd6942ce1d3ddbca0991a4ab2266988f42dd7380041b7e68f154761ef10c943d669cd357f909889c578459aefe7a6814bd8f8a09e7fde8
SSDEEP

393216:dF8GsIpSpyQyAwgag97/TLBjnj15XqvG:dFRlpSpyFAwgLbTLB94vG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Zoka_Premium.exe

Files

Zoka_Premium.exe
.exe windows:6 windows x64 arch:x64

00b8707ec59aca729bd3e1233c1f579b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shlwapi

PathFileExistsW

iphlpapi

GetIpForwardTable

gdiplus

GdipCreateBitmapFromHBITMAP

kernel32

GetVersion
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

GetWindowThreadProcessId

gdi32

DeleteDC

advapi32

RegCloseKey

shell32

SHGetFolderPathW

ole32

GetHGlobalFromStream

ntdll

RtlVirtualUnwind

ws2_32

select

dbghelp

SymLoadModuleExW

crypt32

CertOpenStore

bcrypt

BCryptGenRandom

Sections

.text
Size: - Virtual size: 1007KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 439KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.b/H
Size: - Virtual size: 7.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.?nM
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Y=q
Size: 13.2MB - Virtual size: 13.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

00b8707ec59aca729bd3e1233c1f579b

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

iphlpapi

gdiplus

kernel32

user32

gdi32

advapi32

shell32

ole32

ntdll

ws2_32

dbghelp

crypt32

bcrypt

Sections

.text Size: - Virtual size: 1007KB

.rdata Size: - Virtual size: 439KB

.data Size: - Virtual size: 56KB

.pdata Size: - Virtual size: 48KB

_RDATA Size: - Virtual size: 500B

.b/H Size: - Virtual size: 7.6MB

.?nM Size: 4KB - Virtual size: 4KB

.Y=q Size: 13.2MB - Virtual size: 13.2MB

.reloc Size: 512B - Virtual size: 56B

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 1007KB

.rdata
Size: - Virtual size: 439KB

.data
Size: - Virtual size: 56KB

.pdata
Size: - Virtual size: 48KB

_RDATA
Size: - Virtual size: 500B

.b/H
Size: - Virtual size: 7.6MB

.?nM
Size: 4KB - Virtual size: 4KB

.Y=q
Size: 13.2MB - Virtual size: 13.2MB

.reloc
Size: 512B - Virtual size: 56B

.rsrc
Size: 512B - Virtual size: 480B