xliveless_20140518_v2[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

xliveless_20140518_v2.zip
Size

172KB
MD5

04c368285c587ecdbe928252722e7d92
SHA1

c99e68365fd79e89047ad5a6aabd7f7ac8f039da
SHA256

2b2d673e81751a19f138cffd7c299432a8c97f91e098f130b712b7ca71357bea
SHA512

2ffadb17d3d64305c087deaded78aebf4395f50359632bf3f735ca0e19d469019d57d58dadbc15be36ec9043faca0f7d99e09a7e03e4fcba675b4769dffebf49
SSDEEP

3072:1ieM2nWBsLTqIzlU9FR+aV8hf6WdeF2Usnb6alpbJwu7nW1PRms5R0W94UuM:1M2WBsfqIzcf+aV8hf1YMWalDDnORj5p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/xliveless_20140518_v2/xlive.dll

Files

xliveless_20140518_v2.zip
.zip
xliveless_20140518_v2/xlive.dll
.dll windows:5 windows x86 arch:x86

d5a16644ed8a44b37f472393154e9e8a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\Builds\[kopie_robocze]\xliveless\Release\xlive.pdb

Imports

ws2_32

inet_ntoa
htons
ntohl
ntohs
htonl
WSAEventSelect
__WSAFDIsSet
WSAWaitForMultipleEvents
WSAResetEvent
WSASetEvent
WSACloseEvent
WSACreateEvent
WSASetLastError
WSAGetLastError
inet_addr
WSASendTo
sendto
WSASend
send
WSARecvFrom
recvfrom
WSARecv
recv
WSAGetOverlappedResult
select
accept
listen
connect
bind
getpeername
getsockname
getsockopt
setsockopt
ioctlsocket
shutdown
closesocket
socket
WSACleanup
WSAStartup

shlwapi

PathAppendA
PathRemoveFileSpecA
PathIsRelativeA

kernel32

DuplicateHandle
LoadLibraryW
WriteConsoleW
FlushFileBuffers
SetStdHandle
GetStringTypeW
LCMapStringW
HeapReAlloc
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
ReleaseSemaphore
GetVersionExW
GetModuleHandleA
GetModuleFileNameW
FreeLibraryAndExitThread
GetThreadTimes
OutputDebugStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetProcessHeap
GetConsoleCP
GetFileType
GetStdHandle
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetCPInfo
GetOEMCP
CloseHandle
FreeConsole
GetModuleFileNameA
CreateFileA
WriteFile
WriteConsoleA
GetCurrentThreadId
GetLocalTime
CreateDirectoryA
FindFirstFileW
FindNextFileW
FindClose
SetEvent
CancelIo
Sleep
SetLastError
CreateThread
CreateMutexA
GetCurrentProcessId
GetSystemTime
SystemTimeToFileTime
CreateEventA
CreateDirectoryW
CreateFileW
FreeLibrary
LoadLibraryExW
GetACP
IsValidCodePage
HeapAlloc
HeapSize
WideCharToMultiByte
AreFileApisANSI
GetModuleHandleExW
ExitProcess
CreateSemaphoreW
GetTickCount
GetStartupInfoW
TerminateProcess
CreateEventW
VirtualQuery
VirtualProtect
GetThreadContext
SetThreadContext
InitializeCriticalSection
Thread32First
LeaveCriticalSection
Thread32Next
EnterCriticalSection
OpenThread
CreateToolhelp32Snapshot
DeleteCriticalSection
SuspendThread
ResumeThread
VirtualFree
VirtualAlloc
SetEndOfFile
GetCurrentProcess
GetCurrentThread
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
ReadFile
IsDebuggerPresent
IsProcessorFeaturePresent
GetLastError
MultiByteToWideChar
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
CreateTimerQueue
WaitForSingleObjectEx
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetModuleHandleW
GetProcAddress
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount

user32

EnumWindows
GetDlgItemTextW
EndDialog
SetDlgItemTextW
DialogBoxParamA
SetWindowPos
GetWindowRect
GetDesktopWindow
GetWindowThreadProcessId
wsprintfW
SetWindowTextW

wintrust

WinVerifyTrust

Sections

.text
Size: 226KB - Virtual size: 225KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 327KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xliveless_20140518_v2/xlive.ini

Sharing

General

Malware Config

Signatures

Files

d5a16644ed8a44b37f472393154e9e8a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

shlwapi

kernel32

user32

wintrust

Sections

.text Size: 226KB - Virtual size: 225KB

.rdata Size: 87KB - Virtual size: 86KB

.data Size: 10KB - Virtual size: 327KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 14KB - Virtual size: 13KB

.text
Size: 226KB - Virtual size: 225KB

.rdata
Size: 87KB - Virtual size: 86KB

.data
Size: 10KB - Virtual size: 327KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 14KB - Virtual size: 13KB