Splitgate[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Splitgate.zip
Size

140KB
MD5

2ea0b345990f2a76881c8122339ebc78
SHA1

5779b997760ca9be162de972fc9ce8392df5c3f6
SHA256

5e12c31b2b2a744e8803e6df635b339582f42b0442edff605536fc8ea1599386
SHA512

3a2cb508904c1232bffe98c28be957a28868afb42c101c5ccce1d1961b60075c0c1dc84128548f909fbe0fae13ac50f639b27318274c0f895474672f3a5909b1
SSDEEP

3072:TdYrMJBxpGiiXnvfiIPfsquCLCVDWHA6a1QfGEspm5jyV:JYrMCXXnvKIs8LCVDz6GCGI5jW

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Splitgate/External.exe
unpack001/Splitgate/driver.sys

Files

Splitgate.zip
.zip
Splitgate/External.exe
.exe windows:6 windows x64 arch:x64

7bd83383d1f5702ea6d83385d2c38ba3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

dwmapi

DwmExtendFrameIntoClientArea

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

d3d9

Direct3DCreate9Ex

user32

SetCapture
ScreenToClient
SetCursor
ReleaseCapture
SetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
GetWindowLongW
GetWindowThreadProcessId
DefWindowProcW
GetKeyState
GetWindow
GetWindowRect
DestroyWindow
SetWindowPos
UnregisterClassW
RegisterClassExW
GetCapture
GetAsyncKeyState
DispatchMessageW
ClientToScreen
PeekMessageW
GetForegroundWindow
MoveWindow
CreateWindowExA
TranslateMessage
LoadIconW
FindWindowW
LoadCursorW
mouse_event
SetWindowLongW
GetClientRect
PostQuitMessage
FindWindowA
UpdateWindow
GetCursorPos
GetActiveWindow
SendInput
ShowWindow

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

kernel32

GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
GetCurrentProcessId
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
IsProcessorFeaturePresent
CloseHandle
QueryPerformanceCounter
QueryPerformanceFrequency
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
GetTickCount
CreateThread
Sleep
CreateFileW
DeviceIoControl
SetConsoleTitleA
TerminateProcess
IsDebuggerPresent
EnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
InitializeSListHead
GetSystemTimeAsFileTime

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception_context
memcpy
memchr
memset
__std_exception_destroy
__std_exception_copy
__std_terminate
strstr
__current_exception
memmove
__C_specific_handler
_CxxThrowException

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
system
_register_thread_local_exe_atexit_callback
_c_exit
terminate
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
__p___argv
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
__p___argc
exit

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
_wfopen
fwrite
__p__commode
fread
__stdio_common_vsprintf
__stdio_common_vsprintf_s
__stdio_common_vfprintf
ftell
fflush
_set_fmode
__stdio_common_vsscanf
fseek
fclose

api-ms-win-crt-string-l1-1-0

strcmp
isprint
strncpy

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc
_set_new_mode

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-math-l1-1-0

fmodf
asinf
pow
ceilf
sqrtf
floorf
cosf
__setusermatherr
sqrt
sinf
powf
tanf

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 194KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Splitgate/driver.sys
.sys windows:10 windows x64 arch:x64

103e4720bea6ba3f0364a417a0e6148c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\dyned\Desktop\Driver\x64\Release\Win32ver.pdb

Imports

ntoskrnl.exe

MmIsAddressValid
ZwQuerySystemInformation
ExAllocatePoolWithTag
ExFreePoolWithTag
ObfDereferenceObject
RtlInitUnicodeString
MmCopyVirtualMemory
IoCreateDriver
IoGetCurrentProcess
PsLookupProcessByProcessId
IoCreateDevice
PsGetProcessSectionBaseAddress
IofCompleteRequest
IoCreateSymbolicLink
ProbeForRead
strcmp

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 546B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7bd83383d1f5702ea6d83385d2c38ba3

Headers

DLL Characteristics

File Characteristics

Imports

dwmapi

msvcp140

d3d9

user32

imm32

kernel32

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 194KB - Virtual size: 193KB

.rdata Size: 40KB - Virtual size: 40KB

.data Size: 3KB - Virtual size: 5KB

.pdata Size: 8KB - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 512B - Virtual size: 152B

103e4720bea6ba3f0364a417a0e6148c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 16B

.pdata Size: 512B - Virtual size: 180B

INIT Size: 1024B - Virtual size: 546B

.reloc Size: 512B - Virtual size: 20B

.text
Size: 194KB - Virtual size: 193KB

.rdata
Size: 40KB - Virtual size: 40KB

.data
Size: 3KB - Virtual size: 5KB

.pdata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 512B - Virtual size: 152B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 16B

.pdata
Size: 512B - Virtual size: 180B

INIT
Size: 1024B - Virtual size: 546B

.reloc
Size: 512B - Virtual size: 20B