finalshell_install[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

finalshell_install.rar
Size

469KB
MD5

3fa7cf749702ffa89933657db77fd542
SHA1

3775c070995a98c74ddb1e23b115f3baf25afbf4
SHA256

40eaa92e5d880aa064bcbb2530e08eaf9f44373abe4659178e5099e315c2f1f6
SHA512

f31b98beb99c7a397f7d86cfea02b8178e8a1330422c2034b419ef3dc7dd3b071de40d56823ee5eb82378e23eb4d64a12e2953835f6780f0ca5332b9b12394bc
SSDEEP

12288:GMCMXNoIbFehWZulTkJGUzfs6Dx0i3w9dK2rIrVG:zCMXNokecZqkJGGfMXKcIrs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Phone.exe

Files

finalshell_install.rar
.rar
Phone.exe
.exe windows:4 windows x86 arch:x86

5f34d660b474229c0b63238ee3757465

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetUserNameW

kernel32

AddVectoredExceptionHandler
CloseHandle
CopyFileW
CreateDirectoryW
CreateFileA
CreateFileW
CreateHardLinkW
CreatePipe
CreateProcessW
CreateSymbolicLinkW
CreateThread
DebugBreak
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitThread
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindFirstFileW
FindNextFileW
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
GenerateConsoleCtrlEvent
GetComputerNameW
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStringsW
GetEnvironmentVariableA
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesW
GetFinalPathNameByHandleW
GetFullPathNameW
GetLastError
GetLongPathNameW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetStartupInfoW
GetStdHandle
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadContext
GetThreadSelectorEntry
GetTickCount
GetVersion
GlobalAlloc
GlobalFree
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
MultiByteToWideChar
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
ReadConsoleW
ReadFile
RemoveDirectoryW
ResumeThread
SetConsoleMode
SetConsoleOutputCP
SetFilePointer
SetHandleInformation
SetLastError
SetUnhandledExceptionFilter
Sleep
SuspendThread
SystemTimeToTzSpecificLocalTime
TerminateProcess
TlsGetValue
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile

msvcrt

__lconv_init
__mb_cur_max
__p__commode
__p__fmode
__p__wcmdln
__set_app_type
__setusermatherr
__wgetmainargs
__winitenv
_amsg_exit
_beginthreadex
_cexit
_chsize
_chmod
_close
_endthreadex
_errno
_execve
_execvp
_fdopen
_filelengthi64
_fileno
_get_osfhandle
_getpid
_initterm
_iob
_lock
_onexit
_putenv
_read
_setjmp3
_telli64
_unlock
_utime
_waccess
_wchdir
_wfopen
_wfreopen
_wgetcwd
_wgetenv
_wopen
_wremove
_wrename
_write
_wstat64
_wsystem
abort
atoi
atol
calloc
exit
fclose
feof
ferror
fflush
fgetpos
fprintf
fputc
fread
free
fseek
fsetpos
ftell
fwrite
getc
getchar
gmtime
getenv
islower
isspace
isupper
isxdigit
localtime
localeconv
longjmp
malloc
memcpy
memmove
memset
qsort
setlocale
realloc
rewind
setbuf
setvbuf
signal
strchr
strerror
strlen
strncmp
strtol
strtoul
time
tolower
ungetc
vfprintf
wcslen

user32

MessageBoxA

ws2_32

__WSAFDIsSet
select

Sections

.text
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 129KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/14
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/80
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/91
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/102
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 552KB - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TrackerUI.sys

Sharing

General

Malware Config

Signatures

Files

5f34d660b474229c0b63238ee3757465

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

ws2_32

Sections

.text Size: 162KB - Virtual size: 161KB

.data Size: 14KB - Virtual size: 13KB

.rdata Size: 16KB - Virtual size: 15KB

/4 Size: 17KB - Virtual size: 16KB

.bss Size: - Virtual size: 129KB

.idata Size: 5KB - Virtual size: 5KB

.CRT Size: 512B - Virtual size: 52B

.tls Size: 512B - Virtual size: 8B

.reloc Size: 7KB - Virtual size: 6KB

/14 Size: 512B - Virtual size: 248B

/29 Size: 42KB - Virtual size: 42KB

/41 Size: 3KB - Virtual size: 3KB

/55 Size: 5KB - Virtual size: 4KB

/67 Size: 512B - Virtual size: 56B

/80 Size: 512B - Virtual size: 116B

/91 Size: 8KB - Virtual size: 8KB

/102 Size: 512B - Virtual size: 232B

.rsrc Size: 552KB - Virtual size: 552KB

.text
Size: 162KB - Virtual size: 161KB

.data
Size: 14KB - Virtual size: 13KB

.rdata
Size: 16KB - Virtual size: 15KB

/4
Size: 17KB - Virtual size: 16KB

.bss
Size: - Virtual size: 129KB

.idata
Size: 5KB - Virtual size: 5KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 8B

.reloc
Size: 7KB - Virtual size: 6KB

/14
Size: 512B - Virtual size: 248B

/29
Size: 42KB - Virtual size: 42KB

/41
Size: 3KB - Virtual size: 3KB

/55
Size: 5KB - Virtual size: 4KB

/67
Size: 512B - Virtual size: 56B

/80
Size: 512B - Virtual size: 116B

/91
Size: 8KB - Virtual size: 8KB

/102
Size: 512B - Virtual size: 232B

.rsrc
Size: 552KB - Virtual size: 552KB