DARKRED[.]exe | Triage

Resubmissions

08/07/2024, 15:13

240708-slwlrsvejn 3

Sharing

Copy URL

Twitter E-mail

General

Target

DARKRED.exe
Size

4.9MB
MD5

26c59bf23a1574e8d2c03dbb88de6365
SHA1

73ee29b787098f7d28420e9b44adb5387acfcc7c
SHA256

598357ec8dff284f0c6b96040c36d7c03850fe80ffb90bb4dfa4a2a36fc5ee3a
SHA512

e9de01ea521a50b35ee504ca969c070eb249fb2922bddcc6e25f011081f1fde7141c93b4c9a160f1efdc385c4b4937177a0f62372c0ca0b884da4b42e206035d
SSDEEP

98304:+ycTPgV0XTdiaQZLwLnS5MU8pPYpvbE3/tXVQr93Ryk6tUMW/VVjO:+BMV0XTdiaQZLwLnS5MU8pPYpTE31Xyg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
DARKRED.exe

Files

DARKRED.exe
.exe windows:6 windows x86 arch:x86

351092a385adff9a3d8a8b11ca01d6ab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\hudson\ZeusBase\ZeusGreen\GameMaker\Runner\VC_Runner\Win32\Release-Zeus\Runner.pdb

Imports

wininet

InternetReadFile
InternetWriteFile
HttpOpenRequestA
InternetCloseHandle
InternetCrackUrlA
HttpEndRequestW
HttpQueryInfoA
InternetConnectA
InternetOpenA
InternetCanonicalizeUrlA
HttpSendRequestA
InternetGetConnectedState

d3d11

D3D11CreateDevice

dbghelp

MiniDumpWriteDump
SymFromAddr
SymInitialize

winmm

mciSendStringA
mciGetErrorStringA
joyGetPos
timeGetDevCaps
timeBeginPeriod
timeEndPeriod
joyGetPosEx

ws2_32

gethostname
WSACleanup
setsockopt
sendto
send
recvfrom
recv
listen
inet_ntoa
inet_addr
getsockopt
ioctlsocket
connect
closesocket
bind
accept
getpeername
select
__WSAFDIsSet
ntohs
ntohl
htons
htonl
WSAStartup
WSAGetLastError
WSAAddressToStringA
getaddrinfo
freeaddrinfo
socket

gdiplus

GdiplusStartup
GdiplusShutdown

comctl32

InitCommonControlsEx

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

rpcrt4

UuidToStringW
UuidCreate

dxgi

CreateDXGIFactory1

kernel32

HeapReAlloc
GetTimeZoneInformation
SetStdHandle
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
DecodePointer
WriteFile
GetStdHandle
PeekNamedPipe
GetFileType
GetFileInformationByHandle
GetDriveTypeW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
ReadFile
MoveFileExW
SetFileAttributesW
GetFileAttributesExW
GetModuleHandleExW
HeapWalk
HeapValidate
EncodePointer
LoadLibraryExW
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
VirtualQuery
GetProcessHeap
HeapFree
HeapAlloc
InitializeSListHead
GetSystemTimeAsFileTime
IsValidCodePage
GetACP
RaiseException
GetStartupInfoW
IsDebuggerPresent
TerminateProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetProcAddress
LoadLibraryW
WideCharToMultiByte
CloseHandle
GetOEMCP
CreateEventExW
OutputDebugStringA
MultiByteToWideChar
GetConsoleWindow
GetLastError
GetCurrentDirectoryW
DeleteFileW
GetFullPathNameW
SetLastError
CreateThread
GetExitCodeThread
GetModuleHandleW
LocalFree
FormatMessageW
SetCurrentDirectoryA
GetCurrentDirectoryA
FreeLibrary
GetEnvironmentVariableW
CreateDirectoryW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
RemoveDirectoryW
Sleep
GetExitCodeProcess
CreateProcessW
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObject
SetWaitableTimer
CreateWaitableTimerW
GetTickCount
GetCurrentProcess
GetCurrentThread
SetThreadPriority
SetPriorityClass
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalMemoryStatusEx
GetSystemInfo
GetVersionExW
GetLocaleInfoW
GetUserDefaultLCID
ExitProcess
lstrlenA
GetCommandLineW
ExpandEnvironmentStringsW
CreateFileW
GetFinalPathNameByHandleW
SetUnhandledExceptionFilter
SetErrorMode
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameW
MoveFileA
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetConsoleCtrlHandler
OutputDebugStringW
SetCurrentDirectoryW
GetStringTypeW
SetEndOfFile
HeapSize
WaitForSingleObjectEx
WriteConsoleW
TlsFree
RtlCaptureStackBackTrace

user32

CreateDialogParamW
DialogBoxParamW
EndDialog
GetDlgItem
SetDlgItemTextW
GetDlgItemTextW
DrawTextW
GetDC
ReleaseDC
SetWindowTextW
ScreenToClient
MoveWindow
SetCursorPos
ClientToScreen
MapWindowPoints
GetActiveWindow
GetCursorPos
wsprintfW
GetAsyncKeyState
keybd_event
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
IsClipboardFormatAvailable
GetFocus
LoadImageW
AdjustWindowRectEx
TranslateMessage
DispatchMessageW
PeekMessageW
IsDialogMessageW
SetProcessDPIAware
GetForegroundWindow
UpdateWindow
SetWindowLongW
ChangeDisplaySettingsW
EnumDisplaySettingsW
MonitorFromWindow
GetMonitorInfoW
GetSystemMetrics
ReleaseCapture
SetCapture
GetKeyState
SetFocus
BringWindowToTop
SetWindowPos
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassExW
DefWindowProcW
PostMessageW
SendMessageW
LoadCursorW
CallNextHookEx
MessageBoxA
MessageBoxW
GetRawInputDeviceList
GetRawInputDeviceInfoA
GetWindowRect
SetCursor
GetClientRect
SetDlgItemTextA
SetForegroundWindow

gdi32

GetStockObject
DeleteObject
SelectObject
GetDeviceCaps
CreateFontA

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

ShellExecuteW
SHGetFolderPathW

ole32

CoCreateInstance
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoInitialize

dwmapi

DwmGetCompositionTimingInfo

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1002KB - Virtual size: 1002KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 535KB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

minATL
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mydata
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

351092a385adff9a3d8a8b11ca01d6ab

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

d3d11

dbghelp

winmm

ws2_32

gdiplus

comctl32

version

rpcrt4

dxgi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

dwmapi

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

.rdata Size: 1002KB - Virtual size: 1002KB

.data Size: 535KB - Virtual size: 2.9MB

minATL Size: 512B - Virtual size: 12B

.mydata Size: 512B - Virtual size: 8B

.rsrc Size: 42KB - Virtual size: 42KB

.text
Size: 3.4MB - Virtual size: 3.4MB

.rdata
Size: 1002KB - Virtual size: 1002KB

.data
Size: 535KB - Virtual size: 2.9MB

minATL
Size: 512B - Virtual size: 12B

.mydata
Size: 512B - Virtual size: 8B

.rsrc
Size: 42KB - Virtual size: 42KB