dope[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

dope.zip
Size

976KB
MD5

1c29500962bc8f17d74e06a4ad5c3d25
SHA1

4f8bd41e53bb2f786aed8bbd3dec170f438b6ed4
SHA256

c48a7f82a37b9e5cce890c4739c645e128c97501139364d97e5c233327ab98c6
SHA512

88ae8bc1e1ae539452010ad4bf8bbb474003484e78a3bd1b68526472ba1c6eca7728a346a2b195d0b999ccf99a5649465e5283cca1355559db349be4018a20d3
SSDEEP

24576:Khudl5uw1wWpdo7wQspbKgj/h4wO2h+6iyBozU7hnj4:5wd7wfpbKgjhA2h+0SIhnj4

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/dope.dll
unpack001/loader.exe

Files

dope.zip
.zip
dope.dll
.dll windows:6 windows x64 arch:x64

2e545aee090f86645aa5372725e21358

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\admin\Desktop\dope sapphire\x64\Release\dope.pdb

Imports

jvm

JNI_GetCreatedJavaVMs

opengl32

glViewport
glGetIntegerv
glPopMatrix
glEnable
glDepthMask
glLoadMatrixf
glEnd
glMatrixMode
glLineWidth
glColor3f
glBlendFunc
glBegin
glVertex3d
glDisable
glPushMatrix
glVertex3f
glColor4f
glEnableClientState
glPopAttrib
glPolygonMode
glBindTexture
glPushAttrib
glOrtho
glPixelStorei
glShadeModel
glDrawElements
glTexEnvi
glColorPointer
glTexImage2D
glGetTexEnviv
glTexCoordPointer
glDeleteTextures
glTexParameteri
glLoadIdentity
glDisableClientState
glScissor
glVertexPointer
glGenTextures

user32

GetWindowTextLengthA
GetTopWindow
MessageBoxA
GetClassNameA
IsWindowVisible
GetWindow
GetWindowThreadProcessId
GetAsyncKeyState
FindWindowA
GetForegroundWindow
ShowWindow
GetCursorPos
GetWindowTextA
SendMessageW
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard

kernel32

CreateFileW
GetStringTypeW
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFileSizeEx
GetConsoleOutputCP
WriteFile
FlushFileBuffers
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetFileType
SetEndOfFile
LCMapStringW
GetModuleFileNameW
ExitProcess
ReadFile
GetModuleHandleExW
ExitThread
RtlUnwind
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
SetLastError
InterlockedFlushSList
RaiseException
RtlPcToFileHeader
RtlUnwindEx
HeapSize
WriteConsoleW
GetStdHandle
Sleep
GetTickCount64
GetCurrentProcessId
GetModuleHandleW
FreeLibraryAndExitThread
CloseHandle
FreeConsole
CreateThread
GetConsoleWindow
AllocConsole
UnmapViewOfFile
OpenFileMappingA
MapViewOfFile
VirtualQuery
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
VirtualFree
VirtualAlloc
GetSystemInfo
HeapCreate
VirtualProtect
HeapFree
GetCurrentProcess
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
GetLastError
HeapReAlloc
HeapAlloc
HeapDestroy
GetThreadContext
GetProcAddress
FlushInstructionCache
SetThreadContext
OpenThread
InitOnceComplete
InitOnceBeginInitialize
WaitForSingleObjectEx
GetExitCodeThread
QueryPerformanceCounter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

Sections

.text
Size: 448KB - Virtual size: 447KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
loader.exe
.exe windows:6 windows x64 arch:x64

ffd352750214ba2886cfb2f17d116d60

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\admin\Desktop\dope sapphire\x64\Release\dope loader.pdb

Imports

d3d11

D3D11CreateDeviceAndSwapChain

d3dx11_43

D3DX11CreateShaderResourceViewFromMemory

kernel32

GetProcAddress
VirtualAllocEx
GetConsoleWindow
CreateRemoteThread
VirtualFreeEx
CreateFileMappingW
MapViewOfFile
GetExitCodeProcess
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
LoadLibraryA
QueryPerformanceFrequency
FreeLibrary
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
CloseHandle
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
InitOnceBeginInitialize
InitOnceComplete
GetModuleFileNameW
GetCurrentProcess
FatalAppExitW
GetTickCount64
Sleep
OpenProcess
GetModuleHandleA
WaitForSingleObject
GetSystemTimeAsFileTime
InitializeSListHead
UnmapViewOfFile
WriteProcessMemory
GetModuleFileNameA

user32

GetKeyState
LoadCursorA
ScreenToClient
GetCapture
ClientToScreen
PostQuitMessage
GetForegroundWindow
SetCapture
GetWindowTextLengthA
SetCursor
GetClientRect
ReleaseCapture
SetCursorPos
TrackMouseEvent
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
GetWindow
DispatchMessageA
GetWindowRect
RegisterClassExA
DestroyWindow
IsWindowVisible
SetWindowPos
GetSystemMetrics
UpdateWindow
GetCursorPos
UnregisterClassA
PeekMessageA
TranslateMessage
GetWindowThreadProcessId
ShowWindow
FindWindowA
CreateWindowExA
DefWindowProcA
GetTopWindow
MessageBoxA
GetWindowTextA
GetClassNameA

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

shell32

ShellExecuteA

msvcp140

??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Throw_Cpp_error@std@@YAXH@Z
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Throw_C_error@std@@YAXH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_detach
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z

imm32

ImmSetCandidateWindow
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmAssociateContextEx

d3dcompiler_43

D3DCompile

dwmapi

DwmExtendFrameIntoClientArea

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_copy
memmove
__std_exception_destroy
memcpy
memcmp
memchr
memset
_CxxThrowException
__current_exception_context
strstr
__current_exception
__C_specific_handler
__std_terminate

api-ms-win-crt-math-l1-1-0

sqrtf
fmodf
acosf
ceilf
_dclass
cos
atan2f
_dsign
cosf
sinf
powf
pow
__setusermatherr

api-ms-win-crt-convert-l1-1-0

atof
strtod
strtoll
strtol
strtoull

api-ms-win-crt-locale-l1-1-0

localeconv
_configthreadlocale

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe
_set_app_type
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
terminate
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_crt_atexit
abort
_cexit
_register_onexit_function
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
_errno
_initialize_narrow_environment
_configure_narrow_argv
_beginthreadex

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
__stdio_common_vsprintf_s
__stdio_common_vsscanf
_wfopen
fputc
fseek
__acrt_iob_func
ftell
__p__commode
_get_stream_buffer_pointers
_fseeki64
fread
fsetpos
ungetc
setvbuf
fgetpos
fwrite
_set_fmode
fgetc
__stdio_common_vsprintf
fclose
fflush

api-ms-win-crt-heap-l1-1-0

_set_new_mode
_callnewh
malloc
free

api-ms-win-crt-utility-l1-1-0

qsort
srand

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-string-l1-1-0

strcpy_s
strcmp
strncpy

Sections

.text
Size: 423KB - Virtual size: 423KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 462KB - Virtual size: 462KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2e545aee090f86645aa5372725e21358

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

jvm

opengl32

user32

kernel32

imm32

Sections

.text Size: 448KB - Virtual size: 447KB

.rdata Size: 216KB - Virtual size: 216KB

.data Size: 5KB - Virtual size: 11KB

.pdata Size: 19KB - Virtual size: 19KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 2KB - Virtual size: 2KB

ffd352750214ba2886cfb2f17d116d60

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d11

d3dx11_43

kernel32

user32

advapi32

shell32

msvcp140

imm32

d3dcompiler_43

dwmapi

vcruntime140_1

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

Sections

.text Size: 423KB - Virtual size: 423KB

.rdata Size: 462KB - Virtual size: 462KB

.data Size: 16KB - Virtual size: 18KB

.pdata Size: 16KB - Virtual size: 15KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1024B - Virtual size: 784B

.text
Size: 448KB - Virtual size: 447KB

.rdata
Size: 216KB - Virtual size: 216KB

.data
Size: 5KB - Virtual size: 11KB

.pdata
Size: 19KB - Virtual size: 19KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 423KB - Virtual size: 423KB

.rdata
Size: 462KB - Virtual size: 462KB

.data
Size: 16KB - Virtual size: 18KB

.pdata
Size: 16KB - Virtual size: 15KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1024B - Virtual size: 784B