Zedes-IPPuller-master[.]zip

Resubmissions

12/07/2024, 11:16

240712-ndmaxatbna 3

12/07/2024, 11:14

240712-ncakqa1cmk 3

Sharing

Copy URL Twitter E-mail

General

Target

Zedes-IPPuller-master.zip
Size

1.1MB
MD5

d8416c3efecec6da5eade7938e7007dd
SHA1

5a391ec4aba9be761bce89852a24e3120b18269f
SHA256

708790c43c8af8d82db1b04c74f5782f3e74452a84b65dfde314353a7358974b
SHA512

d2a1b76187aee45eca3813e9480d9eab3961f0b2b6a01285345c1232c2699e97c3c52fd17d0052c6441bb7c386510cd7064cb8cf2fd35352c3ae0e3016031911
SSDEEP

24576:ateBurTqaUuFssNfXpeXnbT7SITJ7gnPq5SDNTZ:FBETqaUu6mfgXbT7SIThgPq05TZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Zedes-IPPuller-master/LoginTheme.dll
unpack001/Zedes-IPPuller-master/PcapDotNet.Analysis.dll
unpack001/Zedes-IPPuller-master/PcapDotNet.Base.dll
unpack001/Zedes-IPPuller-master/PcapDotNet.Core.Extensions.dll
unpack001/Zedes-IPPuller-master/PcapDotNet.Core.dll
unpack001/Zedes-IPPuller-master/PcapDotNet.Packets.dll
unpack001/Zedes-IPPuller-master/ZEDES_2.0.exe

Files

Zedes-IPPuller-master.zip
.zip
Zedes-IPPuller-master/DBs/OUI.txt
Zedes-IPPuller-master/DBs/ports.txt
Zedes-IPPuller-master/LoginTheme.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

K:\Work\Themes\LoginTheme\LoginTheme\obj\Debug\LoginTheme.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Zedes-IPPuller-master/PcapDotNet.Analysis.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Zedes-IPPuller-master/PcapDotNet.Base.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Boaz\TFS\tfs06.codeplex.com\PcapDotNet\PcapDotNet\src\PcapDotNet.Base\obj\Release\PcapDotNet.Base.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Zedes-IPPuller-master/PcapDotNet.Core.Extensions.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Boaz\TFS\tfs06.codeplex.com\PcapDotNet\PcapDotNet\src\PcapDotNet.Core.Extensions\obj\Release\PcapDotNet.Core.Extensions.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Zedes-IPPuller-master/PcapDotNet.Core.dll
.dll windows:5 windows x86 arch:x86

b0d7e5e2d1863ef226ece143700901c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Boaz\TFS\tfs06.codeplex.com\PcapDotNet\PcapDotNet\bin\Release\PcapDotNet.Core.pdb

Imports

msvcr100

__dllonexit
_unlock
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__CppXcptFilter
?what@exception@std@@UBEPBDXZ
_lock
_initterm_e
_initterm
_encoded_null
free
_malloc_crt
??3@YAXPAX@Z
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
_crt_debugger_hook
_except_handler4_common
_amsg_exit
_onexit
__FrameUnwindFilter
_cexit
__CxxQueryExceptionSize
__CxxExceptionFilter
__CxxRegisterExceptionObject
__CxxDetectRethrow
__CxxUnregisterExceptionObject
??2@YAPAXI@Z
_CxxThrowException
memmove
??1exception@std@@UAE@XZ

kernel32

GetCurrentThreadId
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer

wpcap

pcap_dispatch
pcap_loop
pcap_sendpacket
pcap_offline_filter
pcap_freecode
pcap_setfilter
pcap_compile
pcap_open_dead
pcap_dump_flush
pcap_dump_ftell
pcap_dump_close
pcap_dump
pcap_dump_open
pcap_sendqueue_alloc
pcap_sendqueue_queue
pcap_sendqueue_destroy
pcap_sendqueue_transmit
pcap_datalink_val_to_name
pcap_datalink_val_to_description
pcap_datalink_name_to_val
pcap_geterr
pcap_lib_version
pcap_setmintocopy
pcap_setbuff
pcap_setnonblock
pcap_getnonblock
pcap_setmode
pcap_set_datalink
pcap_open
pcap_close
pcap_breakloop
pcap_setsampling
pcap_minor_version
pcap_major_version
pcap_is_swapped
pcap_snapshot
pcap_datalink
pcap_stats_ex
pcap_createsrcstr
pcap_findalldevs_ex
pcap_freealldevs
pcap_next_ex

msvcp100

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

mscoree

_CorDllMain

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Zedes-IPPuller-master/PcapDotNet.Packets.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Boaz\TFS\tfs06.codeplex.com\PcapDotNet\PcapDotNet\src\PcapDotNet.Packets\obj\Release\PcapDotNet.Packets.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Zedes-IPPuller-master/README.md
Zedes-IPPuller-master/ZEDES_2.0.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\marin\OneDrive\Escritorio\LANC v2\LANC v2\obj\Debug\ZEDES_2.0.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Zedes-IPPuller-master/database.dat
Zedes-IPPuller-master/oui.dat
Zedes-IPPuller-master/ports.dat
Zedes-IPPuller-master/settings.ini

Resubmissions

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 113KB - Virtual size: 112KB

.sdata Size: 512B - Virtual size: 312B

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 90KB - Virtual size: 90KB

.rsrc Size: 1024B - Virtual size: 984B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 10KB - Virtual size: 10KB

.rsrc Size: 1024B - Virtual size: 960B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 8KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

b0d7e5e2d1863ef226ece143700901c1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcr100

kernel32

wpcap

msvcp100

mscoree

Sections

.text Size: 18KB - Virtual size: 18KB

.rdata Size: 47KB - Virtual size: 47KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 1KB - Virtual size: 1KB

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 151KB - Virtual size: 151KB

.rsrc Size: 1024B - Virtual size: 944B

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

.text
Size: 113KB - Virtual size: 112KB

.sdata
Size: 512B - Virtual size: 312B

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 90KB - Virtual size: 90KB

.rsrc
Size: 1024B - Virtual size: 984B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 1024B - Virtual size: 960B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 18KB - Virtual size: 18KB

.rdata
Size: 47KB - Virtual size: 47KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 151KB - Virtual size: 151KB

.rsrc
Size: 1024B - Virtual size: 944B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 91KB - Virtual size: 91KB

.rsrc
Size: 11KB - Virtual size: 10KB

.reloc
Size: 512B - Virtual size: 12B