240711-axjgga1eqe_pw_infected[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

240711-axjgga1eqe_pw_infected.zip
Size

706KB
MD5

e015d52ed6d22203cab035e063178091
SHA1

472d368b624385ad030a067d4ddda60043294697
SHA256

8fa54db6f30bc98caef631307f69e69246f75297d1a0665145b0d20b08b6df61
SHA512

233206003ff0631b899f5fea0b99762691544c94e2d81ead431bb3967c241ffd744de5fae3aedfba60e96664c609f4f8b79c43c978458abb93d163c693f6d2cc
SSDEEP

12288:l6wFh6rHy6D7MPxbzphRTWEkkmXj07po6y0gL2XaPPXQ27uWoL/RqXynlT2GYAQ7:lP6H4hcEkK7q6x+y3XgX0CzZOm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1123.exe

Files

240711-axjgga1eqe_pw_infected.zip
.zip

Password: infected
1123.exe
.exe windows:6 windows x64 arch:x64

a1371442359b24749e619c32224e9d15

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\duh\Desktop\niger\x64\Release\jesse pinkman.pdb

Imports

d3d11

D3D11CreateDeviceAndSwapChain

urlmon

URLDownloadToFileA

kernel32

GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
GetCurrentProcess
TerminateProcess
Sleep
Process32First
SetPriorityClass
SetConsoleTitleA
DeviceIoControl
CreateToolhelp32Snapshot
CreateFileA
Process32Next
CloseHandle
LoadLibraryA
QueryPerformanceCounter
IsBadReadPtr
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetModuleHandleW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
MultiByteToWideChar
GetProcAddress
lstrcmpiA
QueryPerformanceFrequency
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LoadLibraryW

user32

PostMessageA
DispatchMessageA
GetWindowRect
SetWindowPos
GetSystemMetrics
ShowWindow
GetAsyncKeyState
SetWindowLongA
GetWindowLongA
DefWindowProcA
CreateWindowExA
SetFocus
TranslateMessage
ReleaseCapture
PeekMessageA
FindWindowA
GetClientRect
SetCursor
SetCapture
GetForegroundWindow
TrackMouseEvent
RegisterClassExA
UpdateWindow
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
ClientToScreen
GetCapture
ScreenToClient
LoadCursorA
GetKeyState
SetClipboardData
SetCursorPos
GetCursorPos

msvcp140

?_Xlength_error@std@@YAXPEBD@Z
_Query_perf_frequency
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xbad_function_call@std@@YAXXZ
_Query_perf_counter
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?good@ios_base@std@@QEBA_NXZ
?_Throw_Cpp_error@std@@YAXH@Z
?_Random_device@std@@YAIXZ
_Thrd_detach

d3dcompiler_47

D3DCompile

dwmapi

DwmExtendFrameIntoClientArea

imm32

ImmAssociateContextEx
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_terminate
__std_exception_destroy
__std_exception_copy
__C_specific_handler
memset
memmove
memcpy
memcmp
memchr
_CxxThrowException
__current_exception_context
__current_exception
strstr

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe
_set_app_type
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
terminate
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_crt_atexit
_cexit
_invalid_parameter_noinfo_noreturn
_configure_narrow_argv
_beginthreadex
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment

api-ms-win-crt-stdio-l1-1-0

ftell
fflush
__p__commode
fclose
_set_fmode
__stdio_common_vfprintf
__stdio_common_vsprintf_s
fseek
__acrt_iob_func
fwrite
_wfopen
__stdio_common_vsscanf
fread
__stdio_common_vsprintf

api-ms-win-crt-string-l1-1-0

strncpy
strcmp

api-ms-win-crt-utility-l1-1-0

qsort
rand
srand

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
_set_new_mode
free

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

asin
atan2f
powf
sinf
cosf
sqrtf
floorf
acosf
fmodf
tanf
ceilf
__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 340KB - Virtual size: 339KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 999KB - Virtual size: 1002KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

a1371442359b24749e619c32224e9d15

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d11

urlmon

kernel32

user32

msvcp140

d3dcompiler_47

dwmapi

imm32

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 340KB - Virtual size: 339KB

.rdata Size: 58KB - Virtual size: 58KB

.data Size: 999KB - Virtual size: 1002KB

.pdata Size: 13KB - Virtual size: 13KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 512B - Virtual size: 372B

.text
Size: 340KB - Virtual size: 339KB

.rdata
Size: 58KB - Virtual size: 58KB

.data
Size: 999KB - Virtual size: 1002KB

.pdata
Size: 13KB - Virtual size: 13KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 512B - Virtual size: 372B