extracted[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

extracted.zip
Size

49KB
MD5

338403f0b844c83648e56a3841e4ba9f
SHA1

37072275b209d4a8911f677ca514082d39c23f12
SHA256

0cd11879463fcd3391ac93b43cfb95936ac234e6f75860aef7580634edd80665
SHA512

d44fd09dba532ce60f3eb728bc76738985cd4bbe6e8dd62768d0df05da742174b5ba2a60208886cdf5a467e80e70c41d495949bde1b9594c43e66d8801b6cc2c
SSDEEP

768:7fH5kRmo9Uf7gMHVilLtMaRBCgC9AMGZETVuJJ0c0fQhxRJMKzCwxK+dazzoJZ6Y:7xOmmU2lLtMVpGZETVuuQhxJzSzYgbJ2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/extracted2/AssuresThatItWontBeDropped/DllEmb.dll

Files

extracted.zip
.zip
extracted2/AssuresThatItWontBeDropped/DllEmb.dll
.dll regsvr32 windows:6 windows x64 arch:x64

4b4fe8e9a96262a3674b1bbad5d0c02e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\aaaa\Documents\Hackdef\msi\OCE-DW-15\DllEmb\x64\Release\DllEmb.pdb

Imports

kernel32

GetSystemDefaultLangID
GetLocaleInfoW
GetUserDefaultLocaleName
CreateFileW
GetLocaleInfoEx
FormatMessageA
LocalFree
GetFileAttributesW
GetTempPathW
AreFileApisANSI
CloseHandle
GetLastError
GetModuleHandleW
GetProcAddress
WideCharToMultiByte
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent

msvcp140

?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?good@ios_base@std@@QEBA_NXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?wcerr@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?uncaught_exception@std@@YA_NXZ

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_type_info_destroy_list
_CxxThrowException
memset
__std_exception_destroy
__std_exception_copy
__std_terminate
memcpy
__C_specific_handler
memmove

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_seh_filter_dll
_initterm_e
_initterm
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
abort
_crt_atexit
_invalid_parameter_noinfo_noreturn
_cexit
_configure_narrow_argv

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

api-ms-win-crt-stdio-l1-1-0

fgetpos
_fseeki64
fsetpos
setvbuf
fflush
ungetc
fgetc
fread
_get_stream_buffer_pointers
fclose
fwrite
fputc

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

Exports

Exports

DllInstall
DllRegisterServer
DllUnregisterServer
MainDll

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
extracted2/Firefox_update_x64.msi
.msi

Sharing

General

Malware Config

Signatures

Files

4b4fe8e9a96262a3674b1bbad5d0c02e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 22KB - Virtual size: 21KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 7KB - Virtual size: 8KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 512B - Virtual size: 220B

.text
Size: 22KB - Virtual size: 21KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 7KB - Virtual size: 8KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 512B - Virtual size: 220B