Korepi 4[.]7[.]7z

Sharing

Copy URL Twitter E-mail

General

Target

Korepi 4.7.7z
Size

115.5MB
MD5

591097884862b78f3cb12a8d12c4ba44
SHA1

93d05e3fc82683eb57d8b65b356ac71e4649b504
SHA256

5c632f7f35e9f9de39ef6c72b2cc413aa0f1800c51f6204bbaefd47eea97a064
SHA512

e0102a0f19b26e1fe9d3778f89573301ae4f964842d01b6faa3d08c4eac318861f5a2e137fcc48d8164d6ad00cfdcbfe1f9b0fc829bb9673b648b753b7e75288
SSDEEP

3145728:K3iKZ4pgXtHLXdjR/mpttYxbmGKBZUQRStBGGt2mO:K3uIp/mptsuhRS+GtvO

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Korepi 4.7/Korepi.exe
unpack001/Korepi 4.7/dll.dll
unpack001/Korepi 4.7/exe.dll
unpack001/Korepi 4.7/injector.exe

Files

Korepi 4.7.7z
.7z
Korepi 4.7/Korepi.exe
.exe windows:6 windows x64 arch:x64

84d8a38af19a10f958b80b2ff3916a6f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LoadResource

user32

SetClipboardData

comdlg32

GetOpenFileNameA

advapi32

RegCreateKeyExW

shell32

ShellExecuteA

ws2_32

WSACloseEvent

crypt32

CertOpenStore

msvcp140

?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A

bcrypt

BCryptGenRandom

vcruntime140_1

__CxxFrameHandler4

vcruntime140

strchr

api-ms-win-crt-locale-l1-1-0

setlocale

api-ms-win-crt-heap-l1-1-0

_aligned_free

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback

api-ms-win-crt-stdio-l1-1-0

fopen_s

api-ms-win-crt-convert-l1-1-0

strtoll

api-ms-win-crt-filesystem-l1-1-0

_fstat64

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-string-l1-1-0

_stricmp

api-ms-win-crt-math-l1-1-0

_fdclass

api-ms-win-crt-multibyte-l1-1-0

_mbsicmp

api-ms-win-crt-utility-l1-1-0

srand

api-ms-win-crt-environment-l1-1-0

getenv

Exports

Exports

OPENSSL_Applink

Sections

.text
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.a[{
Size: - Virtual size: 107.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.-:{
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Eeh
Size: 123.9MB - Virtual size: 123.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 453KB - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Korepi 4.7/dll.dll
.dll windows:6 windows x64 arch:x64

1b2fe4e1198b1ccbc541b6f905aa6a2f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateThread
CreateToolhelp32Snapshot
DisableThreadLibraryCalls
FlushInstructionCache
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleW
GetProcAddress
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadContext
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
OpenThread
QueryPerformanceCounter
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetThreadContext
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateProcess
Thread32First
Thread32Next
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery

msvcp140

??0_Locinfo@std@@QEAA@PEBD@Z
??0_Lockit@std@@QEAA@H@Z
??0facet@locale@std@@IEAA@_K@Z
??1_Locinfo@std@@QEAA@XZ
??1_Lockit@std@@QEAA@XZ
??1facet@locale@std@@MEAA@XZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Id_cnt@id@locale@std@@0HA
?_Incref@facet@locale@std@@UEAAXXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?id@?$numpunct@D@std@@2V0locale@2@A

vcruntime140

_CxxThrowException
__C_specific_handler
__CxxFrameHandler3
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_destroy_list
memcpy
memmove
memset

api-ms-win-crt-math-l1-1-0

_dsign
_dtest
_fdsign
_fdtest
_ldsign
_ldtest

api-ms-win-crt-runtime-l1-1-0

_cexit
_configure_narrow_argv
_crt_atexit
_execute_onexit_table
_initialize_narrow_environment
_initialize_onexit_table
_initterm
_initterm_e
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_seh_filter_dll

api-ms-win-crt-heap-l1-1-0

_callnewh
calloc
free
malloc

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-string-l1-1-0

strlen

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Korepi 4.7/enc.json
Korepi 4.7/exe.dll
.dll windows:6 windows x64 arch:x64

135307c19b2bce4a9be0ab63c74dfe53

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

AreFileApisANSI
CloseHandle
CreateThread
CreateToolhelp32Snapshot
DisableThreadLibraryCalls
FlushInstructionCache
FormatMessageA
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetLocaleInfoEx
GetModuleHandleW
GetProcAddress
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadContext
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
LocalFree
MultiByteToWideChar
OpenThread
QueryPerformanceCounter
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetThreadContext
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateProcess
Thread32First
Thread32Next
UnhandledExceptionFilter
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualProtect
VirtualQuery
WideCharToMultiByte
WriteProcessMemory

msvcp140

??0_Locinfo@std@@QEAA@PEBD@Z
??0_Lockit@std@@QEAA@H@Z
??0facet@locale@std@@IEAA@_K@Z
??1_Locinfo@std@@QEAA@XZ
??1_Lockit@std@@QEAA@XZ
??1facet@locale@std@@MEAA@XZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Id_cnt@id@locale@std@@0HA
?_Incref@facet@locale@std@@UEAAXXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?good@ios_base@std@@QEBA_NXZ
?id@?$numpunct@D@std@@2V0locale@2@A
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?uncaught_exceptions@std@@YAHXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z

vcruntime140

_CxxThrowException
__C_specific_handler
__CxxFrameHandler3
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_destroy_list
memcpy
memmove
memset

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
localeconv

api-ms-win-crt-math-l1-1-0

_dsign
_dtest
_fdsign
_fdtest
_ldsign
_ldtest

api-ms-win-crt-runtime-l1-1-0

_cexit
_configure_narrow_argv
_crt_atexit
_execute_onexit_table
_initialize_narrow_environment
_initialize_onexit_table
_initterm
_initterm_e
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_seh_filter_dll

api-ms-win-crt-heap-l1-1-0

_callnewh
calloc
free
malloc

api-ms-win-crt-string-l1-1-0

strlen

Sections

.text
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Korepi 4.7/injector.exe
.exe windows:6 windows x64 arch:x64

613132fa84b9778bb47d776e4960058a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

AreFileApisANSI
CloseHandle
CreateRemoteThreadEx
CreateToolhelp32Snapshot
FormatMessageA
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetLocaleInfoEx
GetModuleHandleW
GetProcAddress
GetProcessId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
LocalFree
Module32NextW
MultiByteToWideChar
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
TerminateProcess
UnhandledExceptionFilter
VirtualAllocEx
WideCharToMultiByte
WriteProcessMemory

shell32

ShellExecuteExW

msvcp140

?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?good@ios_base@std@@QEBA_NXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?uncaught_exceptions@std@@YAHXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z

vcruntime140

_CxxThrowException
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
__std_exception_copy
__std_exception_destroy
__std_terminate
memcpy
memmove
memset

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
_configthreadlocale

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
_c_exit
_cexit
_configure_narrow_argv
_crt_atexit
_exit
_get_initial_narrow_environment
_initialize_narrow_environment
_initialize_onexit_table
_initterm
_initterm_e
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_set_app_type
exit
terminate

api-ms-win-crt-string-l1-1-0

_wcsicmp
strlen

api-ms-win-crt-heap-l1-1-0

_callnewh
_set_new_mode
free
malloc

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode
getchar

api-ms-win-crt-math-l1-1-0

__setusermatherr

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Korepi 4.7/virustotal.txt

Sharing

General

Malware Config

Signatures

Files

84d8a38af19a10f958b80b2ff3916a6f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

comdlg32

advapi32

shell32

ws2_32

crypt32

msvcp140

bcrypt

vcruntime140_1

vcruntime140

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-environment-l1-1-0

Exports

Exports

Sections

.text Size: - Virtual size: 2.3MB

.rdata Size: - Virtual size: 1.0MB

.data Size: - Virtual size: 52KB

.pdata Size: - Virtual size: 95KB

.a[{ Size: - Virtual size: 107.5MB

.-:{ Size: 512B - Virtual size: 448B

.Eeh Size: 123.9MB - Virtual size: 123.9MB

.rsrc Size: 453KB - Virtual size: 452KB

1b2fe4e1198b1ccbc541b6f905aa6a2f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcp140

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-string-l1-1-0

Sections

.text Size: 99KB - Virtual size: 99KB

.rdata Size: 160KB - Virtual size: 160KB

.data Size: 1KB - Virtual size: 3KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 512B - Virtual size: 424B

.reloc Size: 512B - Virtual size: 204B

135307c19b2bce4a9be0ab63c74dfe53

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcp140

vcruntime140

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

Sections

.text Size: 113KB - Virtual size: 112KB

.rdata Size: 167KB - Virtual size: 167KB

.text
Size: - Virtual size: 2.3MB

.rdata
Size: - Virtual size: 1.0MB

.data
Size: - Virtual size: 52KB

.pdata
Size: - Virtual size: 95KB

.a[{
Size: - Virtual size: 107.5MB

.-:{
Size: 512B - Virtual size: 448B

.Eeh
Size: 123.9MB - Virtual size: 123.9MB

.rsrc
Size: 453KB - Virtual size: 452KB

.text
Size: 99KB - Virtual size: 99KB

.rdata
Size: 160KB - Virtual size: 160KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 424B

.reloc
Size: 512B - Virtual size: 204B

.text
Size: 113KB - Virtual size: 112KB

.rdata
Size: 167KB - Virtual size: 167KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 424B

.reloc
Size: 512B - Virtual size: 256B

.text
Size: 18KB - Virtual size: 18KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 424B

.reloc
Size: 512B - Virtual size: 156B