world[.]rar | Triage

Resubmissions

13/07/2024, 15:49

240713-s9eyxsxcjn 3

13/07/2024, 15:47

240713-s8ea1axbpm 3

Sharing

Copy URL Twitter E-mail

General

Target

world.rar
Size

826KB
MD5

fd96332dc9f389e1246208fcd4ac9fa2
SHA1

18b3f8154995b04017127fc5b2d02c789c17666b
SHA256

a277a866f4a02d76d58d681023b50ac11e4066260e4682a9590a84f95fde140f
SHA512

c8660c4c3cb86a6597cca4eb907bcca58e463c3bc0f213e25e2ed35cabe57ac944e5c6e5a078e2517febd3db382c60857fe648e590f1908fc8eb9b4b73211f8b
SSDEEP

24576:vh9cRxnKeB6+AdQyH0eIMOTU7wAzXPchp:vh9YEeg+PyUeIBTU7wdp

Score

1^/10

Malware Config

Signatures

Files

world.rar
.rar
world/UltraVNC.ini
world/libraries.exe
.exe windows:6 windows x64 arch:x64

c9f819d4421af42436a9bf21752d51cc

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:30:2f:6c:9f:56:b5:a7:b0:0d:14:85:10:a5:a5:9e
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

28/10/2019, 00:00

Not After

01/11/2022, 12:00

Subject

CN=uvnc bvba,O=uvnc bvba,L=Antwerpen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9a:38:43:3e:94:68:67:af:d9:cc:b8:39:29:6e:da:f5:61:4b:04:aa
Signer

Actual PE Digest

9a:38:43:3e:94:68:67:af:d9:cc:b8:39:29:6e:da:f5:61:4b:04:aa

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\rudi\Desktop\git_ultravnc\winvnc\winvnc\x64\Release\winvnc.pdb

Imports

ws2_32

gethostbyname
inet_ntoa
select
WSAGetLastError
setsockopt
WSACleanup
__WSAFDIsSet
accept
bind
WSAIoctl
closesocket
gethostname
shutdown
listen
WSAStartup
getpeername
inet_addr
getsockname
send
socket
connect
recv
getsockopt
htonl
htons

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock
ExpandEnvironmentStringsForUserA

kernel32

Process32First
WriteFile
OutputDebugStringA
WaitForMultipleObjects
WaitForSingleObject
CreateFileW
GetSystemDirectoryW
CreateToolhelp32Snapshot
lstrcatW
Process32Next
LoadLibraryW
GetCurrentProcessId
CreateEventA
WaitNamedPipeW
GetExitCodeProcess
GetEnvironmentVariableA
SetCurrentDirectoryA
SetFileAttributesA
ResumeThread
ResetEvent
CompareFileTime
CreateFileA
GetFileSize
GetFileTime
GetStdHandle
WriteConsoleA
FreeConsole
FormatMessageA
AllocConsole
GetExitCodeThread
MoveFileA
GetDriveTypeA
SetFileTime
SetErrorMode
SetFilePointer
SetEndOfFile
GetFileAttributesA
MoveFileExA
FileTimeToSystemTime
GetLogicalDriveStringsA
SystemTimeToFileTime
CreateDirectoryA
GetSystemTime
FlushFileBuffers
TerminateProcess
VirtualAllocEx
ReadProcessMemory
SetThreadExecutionState
VirtualFreeEx
TerminateThread
SizeofResource
FindResourceA
LockResource
LoadResource
CreateMutexA
ReleaseMutex
GlobalGetAtomNameA
GlobalDeleteAtom
GetModuleHandleW
GlobalAddAtomA
VerSetConditionMask
GetVolumeInformationA
SetLastError
FreeLibraryAndExitThread
ExitThread
GetFullPathNameW
GetCurrentDirectoryW
GetCurrentDirectoryA
SetEnvironmentVariableW
SetEnvironmentVariableA
GetCPInfo
SetStdHandle
SetFilePointerEx
ReadConsoleW
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
GetModuleHandleExW
ExitProcess
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
LoadLibraryExW
EncodePointer
RtlPcToFileHeader
RtlUnwindEx
OutputDebugStringW
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateSemaphoreA
TlsFree
TlsGetValue
TlsAlloc
GetCurrentThread
DuplicateHandle
SetThreadPriority
ReleaseSemaphore
TlsSetValue
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SwitchToThread
GetFileType
lstrcatA
lstrcmpiA
lstrcpynA
DosDateTimeToFileTime
GetLocalTime
FileTimeToLocalFileTime
SetVolumeLabelA
LocalFileTimeToFileTime
GetVersion
GetLocaleInfoA
GetFullPathNameA
lstrcpyA
ReadFile
LCMapStringW
CompareStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
CreateFileMappingA
WritePrivateProfileSectionA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStructA
WritePrivateProfileStringA
WritePrivateProfileStructA
RaiseException
InitializeCriticalSectionAndSpinCount
WinExec
GetComputerNameA
GetProcessHeap
HeapAlloc
GetSystemInfo
GetSystemDirectoryA
lstrlenA
HeapFree
MapViewOfFile
OpenFileMappingA
UnmapViewOfFile
FreeLibrary
DeleteFileA
GetTempPathA
FindClose
FindNextFileA
FindFirstFileA
GetProcessTimes
GetSystemTimeAsFileTime
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
GetCurrentProcess
EnterCriticalSection
GetVersionExA
SetEvent
GetLastError
OpenProcess
OpenEventA
CreateThread
CloseHandle
VerifyVersionInfoW
Sleep
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetCurrentThreadId
GetModuleFileNameA
GetTickCount
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
GlobalSize
EnumSystemLocalesW
MultiByteToWideChar
GetStringTypeW
WriteConsoleW
HeapReAlloc
CreateDirectoryW
DeleteFileW
GetFileAttributesExW
SetFileAttributesW
MoveFileExW
FindFirstFileExA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
RemoveDirectoryW
HeapSize
GetACP
SetProcessShutdownParameters
RtlUnwind

user32

CheckDlgButton
SetDlgItemInt
LoadMenuA
GetMenuItemID
TrackPopupMenu
GetSubMenu
SetMenuDefaultItem
DestroyMenu
RemoveMenu
EnableMenuItem
EnableWindow
VkKeyScanA
GetAsyncKeyState
MapVirtualKeyA
ToAscii
SendInput
DestroyWindow
SetClipboardViewer
GetClipboardOwner
WaitMessage
PostThreadMessageA
ChangeClipboardChain
SendNotifyMessageA
GetDlgItemInt
IsWindowVisible
FillRect
GetIconInfo
GetClassNameA
WindowFromPoint
RegisterWindowMessageA
DrawTextA
FindWindowExA
OpenDesktopA
EnumDesktopWindows
SetRect
DrawIconEx
DestroyIcon
GetKeyboardState
PtInRect
SetActiveWindow
MessageBeep
FlashWindow
EnumDisplaySettingsExA
EnumDisplayDevicesA
ChangeDisplaySettingsExA
GetKeyState
IntersectRect
IsDlgButtonChecked
GetTopWindow
GetWindow
GetProcessWindowStation
PeekMessageA
keybd_event
EnumDisplaySettingsA
GetWindowRect
ScreenToClient
EndDialog
GetScrollInfo
DialogBoxParamA
GetDlgItemTextA
SetWindowTextA
MoveWindow
SetFocus
SendDlgItemMessageA
SetDlgItemTextA
GetClientRect
GetDlgItem
SetForegroundWindow
InvalidateRect
GetCursorPos
ExitWindowsEx
GetWindowThreadProcessId
wsprintfA
SystemParametersInfoA
MessageBoxA
GetForegroundWindow
GetDesktopWindow
PostMessageA
SendMessageA
mouse_event
FindWindowA
GetMessageA
LoadImageA
DispatchMessageA
GetUserObjectInformationA
LoadCursorA
SetWindowPos
GetSystemMetrics
SetThreadDesktop
GetThreadDesktop
ShowWindow
CloseDesktop
SetTimer
AdjustWindowRect
DefWindowProcA
IsRectEmpty
CreateWindowExA
OpenInputDesktop
TranslateMessage
LoadIconA
GetWindowLongPtrA
KillTimer
PostQuitMessage
SetWindowLongPtrA
RegisterClassExA
GetDC
ReleaseDC
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
IsClipboardFormatAvailable
RegisterClipboardFormatA
OemToCharA
CharToOemA
wvsprintfA
LoadStringA

gdi32

GetBitmapBits
SetDIBColorTable
GdiFlush
SetTextColor
SelectPalette
CreatePalette
SetBkColor
CreateFontIndirectA
GetObjectA
ExtEscape
GetSystemPaletteEntries
DeleteObject
DeleteDC
GetPixel
GetDeviceCaps
GetDIBits
CreateCompatibleDC
CreateDIBSection
SelectObject
CreateCompatibleBitmap
BitBlt
CreateDCA
CreateSolidBrush
SetBkMode
GetClipBox
GetStockObject
StretchBlt
PatBlt
GetRgnBox
CombineRgn
PtInRegion
GetRegionData
CreateRectRgn
OffsetRgn
SetRectRgn
RealizePalette

advapi32

GetUserNameA
GetSecurityDescriptorLength
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorControl
GetSecurityDescriptorOwner
IsValidSid
IsValidSecurityDescriptor
GetKernelObjectSecurity
SetKernelObjectSecurity
IsValidAcl
LookupAccountSidA
SetSecurityInfo
RegCreateKeyA
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorA
SetSecurityDescriptorSacl
InitializeSecurityDescriptor
CreateServiceA
StartServiceCtrlDispatcherA
QueryServiceStatus
RegDeleteKeyA
SetServiceStatus
RegisterServiceCtrlHandlerA
DeleteService
AdjustTokenPrivileges
SetTokenInformation
LookupPrivilegeValueA
DuplicateTokenEx
RevertToSelf
EqualSid
AllocateAndInitializeSid
ImpersonateLoggedOnUser
FreeSid
GetTokenInformation
EnumServicesStatusA
CloseServiceHandle
QueryServiceConfigA
OpenSCManagerA
OpenServiceA
CreateProcessAsUserA
RegCloseKey
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
OpenProcessToken
RegOpenKeyExA
RegDeleteValueA

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHFileOperationA
SHGetMalloc
ShellExecuteA
ShellExecuteExA
Shell_NotifyIconA

ole32

CoUninitialize
CoCreateInstance
CoInitialize

imm32

ImmGetDefaultIMEWnd

Exports

Exports

adler32
adler32_combine
adler32_z
compress
compress2
compressBound
crc32
crc32_combine
crc32_final
crc32_init
crc32_update
crc32_z
deflate
deflateBound
deflateCopy
deflateEnd
deflateGetDictionary
deflateInit2_
deflateInit_
deflateParams
deflatePending
deflatePrime
deflateReset
deflateResetKeep
deflateSetDictionary
deflateSetHeader
deflateTune
get_crc_table
inflate
inflateCodesUsed
inflateCopy
inflateEnd
inflateGetDictionary
inflateGetHeader
inflateInit2_
inflateInit_
inflateMark
inflatePrime
inflateReset
inflateReset2
inflateResetKeep
inflateSetDictionary
inflateSync
inflateSyncPoint
inflateUndermine
inflateValidate
uncompress
uncompress2
zError
zlibCompileFlags
zlibVersion

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 519KB - Virtual size: 519KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 643KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 763KB - Virtual size: 762KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
world/main.bat

Resubmissions

Sharing

General

Malware Config

Signatures

Files

c9f819d4421af42436a9bf21752d51cc

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77Certificate

Key Usages

01:30:2f:6c:9f:56:b5:a7:b0:0d:14:85:10:a5:a5:9eCertificate

Extended Key Usages

Key Usages

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

9a:38:43:3e:94:68:67:af:d9:cc:b8:39:29:6e:da:f5:61:4b:04:aaSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

version

userenv

kernel32

user32

gdi32

advapi32

shell32

ole32

imm32

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 519KB - Virtual size: 519KB

.data Size: 8KB - Virtual size: 643KB

.pdata Size: 45KB - Virtual size: 44KB

.rsrc Size: 763KB - Virtual size: 762KB

.reloc Size: 4KB - Virtual size: 4KB

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

01:30:2f:6c:9f:56:b5:a7:b0:0d:14:85:10:a5:a5:9e
Certificate

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

9a:38:43:3e:94:68:67:af:d9:cc:b8:39:29:6e:da:f5:61:4b:04:aa
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 519KB - Virtual size: 519KB

.data
Size: 8KB - Virtual size: 643KB

.pdata
Size: 45KB - Virtual size: 44KB

.rsrc
Size: 763KB - Virtual size: 762KB

.reloc
Size: 4KB - Virtual size: 4KB