squid[.]7z | Triage

Sharing

Copy URL Twitter E-mail

General

Target

squid.7z
Size

257KB
MD5

91dab16a4e06c481208e6e4b0a18b8d7
SHA1

c4f468120a0e673ada6f12e9d6f780df324109a0
SHA256

21ad65cf5230f260925637b873e93ceeef86ca08592132b8d9ec3c9942974a9c
SHA512

13892a3cecc488ab716b703910c110569a72db3cc898775338745eb58daf77b37afb2a88c981a63ca6bd1a0e1e4fbeb164431b104d5f68b21593f9880650ff20
SSDEEP

6144:LjA6oDH2NsweV1m6x74AOqoO7mY1m2t8GRK7W25k+g:noDSebm07Agj1tRK7W25Jg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/7zr.exe

Files

squid.7z
.7z

Password: squid
7zr.exe
.exe windows:4 windows x86 arch:x86

Password: squid

28bc134ea5d519f49501ac974b6a747e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

VariantCopy
SysAllocStringLen
SysAllocString
SysFreeString
SysStringLen
VariantClear

user32

CharUpperW

advapi32

OpenProcessToken
GetFileSecurityW
SetFileSecurityW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
exit
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
_beginthreadex
realloc
_ftol
memset
strlen
wcscmp
wcsstr
strcmp
memmove
fputs
fputc
fflush
fgetc
_iob
free
malloc
memcmp
_purecall
memcpy
_CxxThrowException
__CxxFrameHandler
_isatty
_fileno

kernel32

SetThreadAffinityMask
CreateEventW
SetEvent
ResetEvent
CreateSemaphoreW
ReleaseSemaphore
InitializeCriticalSection
WaitForSingleObject
RemoveDirectoryW
InterlockedIncrement
GetVersion
VirtualFree
VirtualAlloc
SetConsoleMode
GetConsoleMode
GetVersionExW
SetFileApisToOEM
GetCommandLineW
GetConsoleScreenBufferInfo
SetConsoleCtrlHandler
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
GetProcessTimes
OpenEventW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
SetProcessAffinityMask
GetSystemTimeAsFileTime
FileTimeToDosDateTime
IsProcessorFeaturePresent
GlobalMemoryStatus
GetSystemInfo
GetProcessAffinityMask
FileTimeToLocalFileTime
FileTimeToSystemTime
CompareFileTime
GetModuleHandleW
GetCurrentProcess
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
SetEndOfFile
GetLastError
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
LoadLibraryW
GetModuleFileNameW
LocalFree
FormatMessageW
CloseHandle
SetFileTime
CreateFileW
SetFileAttributesW
WriteFile
MoveFileW
CreateHardLinkW
CreateDirectoryW
DeleteFileW
SetLastError
SetCurrentDirectoryW
GetCurrentDirectoryW
GetTempPathW
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
GetFileInformationByHandle
GetStdHandle
FindClose
FindFirstFileW
FindNextFileW
GetProcAddress
GetModuleHandleA
GetFileAttributesW
GetLogicalDriveStringsW
GetFileSize
SetFilePointer
DeviceIoControl
ReadFile
ResumeThread

Sections

.text
Size: 481KB - Virtual size: 481KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
__encrypt_files.bat
__main.bat
.bat .ps1
__note.bat
dropper.bat
.bat .ps1

Sharing

General

Malware Config

Signatures

Files

Password: squid

Password: squid

28bc134ea5d519f49501ac974b6a747e

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

user32

advapi32

msvcrt

kernel32

Sections

.text Size: 481KB - Virtual size: 481KB

.rdata Size: 68KB - Virtual size: 67KB

.data Size: 1KB - Virtual size: 46KB

.sxdata Size: 512B - Virtual size: 4B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 22KB - Virtual size: 22KB

.text
Size: 481KB - Virtual size: 481KB

.rdata
Size: 68KB - Virtual size: 67KB

.data
Size: 1KB - Virtual size: 46KB

.sxdata
Size: 512B - Virtual size: 4B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 22KB - Virtual size: 22KB