ff[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ff.zip
Size

43.4MB
MD5

5b89903a8fe53bcff691964fbe30f0d3
SHA1

abb5ef853476d0d4122df0d690c8b9d60e95905b
SHA256

1d09854d699cc283a0894fa5e16a3d110c3222616af60a76b6e34e815d942932
SHA512

f5db9c6130ccc3a6934569ca188fc87232a31539fa86849b116f712c61db57a005bdb77953779dc4b1456099f5b88ce61a7dfde97a4769cd6392777e31c025ff
SSDEEP

786432:S3pJeLYwCcV1FomjB1L1oD9Omahjv0WHKXLU6rdkf3qVmA110o8csWX4NkqhKoOH:SjKYzrm1oD9Oma5KbPGoPF3qEoOJYO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/trojanCockroach/Transmit.exe

Files

ff.zip
.zip
trojanCockroach/.vs/ProjectSettings.json
trojanCockroach/.vs/VSWorkspaceState.json
trojanCockroach/.vs/slnx.sqlite
trojanCockroach/.vs/trojanCockroach/FileContentIndex/5ac379b5-107c-449c-95ca-9d994844230e.vsidx
trojanCockroach/.vs/trojanCockroach/v17/.wsuo
trojanCockroach/.vs/trojanCockroach/v17/Browse.VC.db
trojanCockroach/.vs/trojanCockroach/v17/DocumentLayout.json
trojanCockroach/.vs/trojanCockroach/v17/ipch/AutoPCH/7a495b1425ed5d63/TROJANCOCKROACH.ipch
trojanCockroach/.vs/trojanCockroach/v17/ipch/AutoPCH/7f1fdb906aab8849/INFECT.ipch
trojanCockroach/DecodeMessage.cpp
trojanCockroach/Infect.cpp
trojanCockroach/Infect.lnk
.lnk
trojanCockroach/Transmit.exe
.exe windows:4 windows x86 arch:x86

485fc7f2a1c2cbcd1766d3497e7ab68d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CryptAcquireContextA
CryptCreateHash
CryptDecrypt
CryptDestroyHash
CryptDestroyKey
CryptEnumProvidersA
CryptExportKey
CryptGetProvParam
CryptGetUserKey
CryptReleaseContext
CryptSetHashParam
CryptSignHashA
DeregisterEventSource
RegisterEventSourceA
ReportEventA

crypt32

CertCloseStore
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore

gdi32

CreateCompatibleBitmap
DeleteObject
GetDIBits
GetDeviceCaps
GetObjectA

kernel32

CloseHandle
DeleteCriticalSection
EnterCriticalSection
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindNextFileA
FormatMessageA
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableA
GetFileType
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetStdHandle
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount
GetVersion
GlobalMemoryStatus
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
PeekNamedPipe
QueryPerformanceCounter
ReadFile
SearchPathA
SetEndOfFile
SetLastError
SetUnhandledExceptionFilter
Sleep
SleepEx
SystemTimeToFileTime
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VerSetConditionMask
VerifyVersionInfoA
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile

msvcrt

__dllonexit
__getmainargs
__initenv
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_access
_amsg_exit
_beginthreadex
_cexit
_chmod
_close
_errno
_exit
_fdopen
_fileno
_fileno
_fmode
_fstati64
_get_osfhandle
_getch
_getch
_getpid
_initterm
_iob
_isatty
_lock
_lseeki64
_mkdir
_onexit
_open
_open
_read
_setmode
_setmode
_stat
_stati64
_strdup
_stricmp
_stricmp
_strnicmp
_strnicmp
_sys_nerr
_unlock
_utime
_vsnprintf
_wfopen
_write
abort
atoi
calloc
exit
fclose
feof
ferror
fflush
fgets
fopen
fprintf
fputc
fputs
fread
free
fseek
ftell
fwrite
getenv
gmtime
isalnum
isalpha
isgraph
islower
isprint
isspace
isupper
localtime
isxdigit
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
printf
puts
qsort
raise
realloc
setlocale
setvbuf
signal
sprintf
sscanf
strcat
strchr
strcmp
strcpy
strcspn
strerror
strlen
strncmp
strncpy
strpbrk
strrchr
strstr
strtok
strtol
strtoul
time
tolower
toupper
vfprintf
wcslen
wcsstr

user32

GetDC
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
ReleaseDC

wldap32

ber_free
ldap_err2string
ldap_first_attribute
ldap_first_entry
ldap_get_dn
ldap_get_values_len
ldap_init
ldap_memfree
ldap_msgfree
ldap_next_attribute
ldap_next_entry
ldap_search_s
ldap_set_option
ldap_simple_bind_s
ldap_unbind_s
ldap_value_free_len

ws2_32

WSACleanup
WSAGetLastError
WSAIoctl
WSASetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostname
getpeername
getsockname
getsockopt
htons
ioctlsocket
listen
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_version
curl_version_info

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 435KB - Virtual size: 434KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
trojanCockroach/TrojanCockroach.cpp
trojanCockroach/TrojanCockroach.lnk
.lnk

Sharing

General

Malware Config

Signatures

Files

485fc7f2a1c2cbcd1766d3497e7ab68d

Headers

File Characteristics

Imports

advapi32

crypt32

gdi32

kernel32

msvcrt

user32

wldap32

ws2_32

Exports

Exports

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.data Size: 43KB - Virtual size: 42KB

.rdata Size: 435KB - Virtual size: 434KB

.bss Size: - Virtual size: 16KB

.edata Size: 2KB - Virtual size: 1KB

.idata Size: 7KB - Virtual size: 6KB

.CRT Size: 512B - Virtual size: 52B

.tls Size: 512B - Virtual size: 32B

.rsrc Size: 1024B - Virtual size: 992B

.reloc Size: 68KB - Virtual size: 67KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 43KB - Virtual size: 42KB

.rdata
Size: 435KB - Virtual size: 434KB

.bss
Size: - Virtual size: 16KB

.edata
Size: 2KB - Virtual size: 1KB

.idata
Size: 7KB - Virtual size: 6KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 1024B - Virtual size: 992B

.reloc
Size: 68KB - Virtual size: 67KB