SinisterX[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

SinisterX.zip
Size

3.5MB
MD5

3ea92defc1a4c0da818acb301d554559
SHA1

9259b147931d5739da9f468d0ebe5c724e1d9116
SHA256

91b6aa1318dc32f21d861603bfc291fed0742e41c59ab46e4144f989f8e5399d
SHA512

a9d9b5b80363793b4faa3b643d009e5b223d1f14489c51ae63d589df14b3f7b1825a6ba5fc52c2e37faebf0a52c451a115105337f6eef1cd6932ae6ff0b569b1
SSDEEP

98304:nQleg/t68vhDmswVrUE+8a9TcFPgS8x4H+PnUDicwdqFvE:Ut68vhDt0rUigSG4H+PUPwdqFM

Score

1^/10

Malware Config

Signatures

Files

SinisterX.zip
.zip
install.txt
installer.exe
.exe windows:6 windows x64 arch:x64

43ed6509b0731c54560420c74f2025bc

Code Sign

47:9e:0b:ca:68:5e:6d:8a:42:fa:23:22:17:59:1a:3d
Certificate

Issuer

CN=Extravi,O=extravi.dev,1.2.840.113549.1.9.1=#0c1164616e746540657874726176692e646576

Not Before

02-06-2024 04:45

Not After

02-06-2104 04:55

Subject

CN=Extravi,O=extravi.dev,1.2.840.113549.1.9.1=#0c1164616e746540657874726176692e646576

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f0:78:1f:6a:94:c6:fc:b3:42:49:f2:64:ec:12:1d:b3:b0:9d:cb:91
Signer

Actual PE Digest

f0:78:1f:6a:94:c6:fc:b3:42:49:f2:64:ec:12:1d:b3:b0:9d:cb:91

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\hecker\Desktop\Bloxshade-main\bloxshade\build\installer.pdb

Imports

advapi32

RegGetValueW
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
CryptEncrypt

kernel32

GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetProcessHeap
HeapQueryInformation
HeapReAlloc
HeapFree
FlushFileBuffers
WriteConsoleW
OutputDebugStringW
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
WriteFile
FreeEnvironmentStringsW
GetTimeFormatW
ExitThread
CreateThread
CompareStringW
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
GetSystemInfo
HeapValidate
HeapSize
HeapAlloc
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
GetTimeZoneInformation
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
FreeLibraryAndExitThread
GetEnvironmentStringsW
SetEnvironmentVariableW
SetEndOfFile
MultiByteToWideChar
WinExec
WideCharToMultiByte
LocalFree
GetTempPathW
GetCommandLineW
SystemTimeToFileTime
SetFilePointerEx
GetLastError
SetLastError
FormatMessageA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SleepEx
VerSetConditionMask
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryA
VerifyVersionInfoA
Sleep
QueryPerformanceCounter
GetTickCount
CloseHandle
WaitForSingleObjectEx
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
CreateFileA
GetFileSizeEx
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
SetFileInformationByHandle
SetFileTime
AreFileApisANSI
DeviceIoControl
GetModuleHandleW
CopyFileW
MoveFileExW
GetFileInformationByHandleEx
CreateSymbolicLinkW
GetLocaleInfoEx
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
CompareStringEx
GetCPInfo
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InitializeCriticalSectionAndSpinCount
RtlUnwind

user32

MessageBoxW

comdlg32

GetOpenFileNameW

shell32

ShellExecuteW
CommandLineToArgvW

normaliz

IdnToAscii

ws2_32

htonl
select
__WSAFDIsSet
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
recv
socket
WSAGetLastError
send
closesocket
listen
getaddrinfo
freeaddrinfo
recvfrom
sendto
ioctlsocket
gethostname
ntohl
accept

wldap32

ord22
ord41
ord50
ord45
ord26
ord211
ord46
ord217
ord143
ord30
ord32
ord27
ord33
ord79
ord35
ord200
ord301
ord60

crypt32

CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertAddCertificateContextToStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFreeCertificateChain

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 279KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup.exe
.exe windows:6 windows x64 arch:x64

7a6361d879c5048c350aa35ae14a21b8

Code Sign

47:9e:0b:ca:68:5e:6d:8a:42:fa:23:22:17:59:1a:3d
Certificate

Issuer

CN=Extravi,O=extravi.dev,1.2.840.113549.1.9.1=#0c1164616e746540657874726176692e646576

Not Before

02-06-2024 04:45

Not After

02-06-2104 04:55

Subject

CN=Extravi,O=extravi.dev,1.2.840.113549.1.9.1=#0c1164616e746540657874726176692e646576

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:89:70:3c:5f:28:85:ba:0b:bd:1d:49:e2:86:d2:2d:df:ca:9f:7c
Signer

Actual PE Digest

62:89:70:3c:5f:28:85:ba:0b:bd:1d:49:e2:86:d2:2d:df:ca:9f:7c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

app.pdb

Imports

bcryptprimitives

ProcessPrng

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressSingle
WakeByAddressAll

user32

GetKeyboardLayout
VkKeyScanW
MapVirtualKeyExW
GetKeyState
GetAsyncKeyState
GetKeyboardState
GetRawInputData
GetForegroundWindow
CreateWindowExW
IsWindow
GetSystemMetrics
SystemParametersInfoA
PostQuitMessage
CreateAcceleratorTableW
AppendMenuW
CreateMenu
SetMenuItemInfoW
CreateIcon
SendInput
SetForegroundWindow
ClientToScreen
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
DestroyAcceleratorTable
RegisterTouchWindow
ReleaseCapture
GetCursorPos
DestroyWindow
DestroyIcon
DispatchMessageW
MapVirtualKeyW
GetMessageW
TranslateMessage
IsProcessDPIAware
GetClientRect
GetDC
InvalidateRgn
GetAncestor
GetMessageA
PostMessageW
TranslateAcceleratorW
PeekMessageW
PostThreadMessageW
DefWindowProcW
FlashWindowEx
ChangeDisplaySettingsExW
AdjustWindowRectEx
GetWindowRect
MonitorFromPoint
EnumDisplayMonitors
GetWindowLongPtrW
SetWindowDisplayAffinity
GetMenu
ShowCursor
ClipCursor
GetClipCursor
SetWindowLongW
SendMessageW
GetSystemMenu
ShowWindow
CheckMenuItem
EnableMenuItem
SetCapture
SetWindowLongPtrW
MsgWaitForMultipleObjectsEx
RegisterRawInputDevices
RegisterClassExW
RegisterWindowMessageA
IsIconic
DispatchMessageA
EnumChildWindows
SetWindowPos
SetMenu
GetActiveWindow
SetCursorPos
GetMonitorInfoW
MonitorFromWindow
ToUnicodeEx
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
TrackMouseEvent
MonitorFromRect
GetWindowLongW
IsWindowVisible
GetUpdateRect
ValidateRect
SetCursor
LoadCursorW
GetWindowPlacement
SetWindowPlacement
RedrawWindow

kernel32

IsDebuggerPresent
UnhandledExceptionFilter
GetModuleHandleW
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
RtlUnwindEx
RtlPcToFileHeader
RaiseException
GetSystemTimeAsFileTime
LoadLibraryW
EncodePointer
InitializeSListHead
SleepConditionVariableSRW
lstrlenW
WakeAllConditionVariable
AcquireSRWLockExclusive
GetCurrentThreadId
CreateMutexA
WaitForSingleObjectEx
GetTempPathW
GetFullPathNameW
GetCurrentThread
CreateThread
ReleaseSRWLockExclusive
CloseHandle
GetProcAddress
WriteConsoleW
LCIDToLocaleName
UpdateProcThreadAttribute
LoadLibraryA
InitializeProcThreadAttributeList
CreateProcessW
GetWindowsDirectoryW
GetSystemDirectoryW
ReadFileEx
CreateNamedPipeW
ExitProcess
CopyFileExW
GetFinalPathNameByHandleW
RemoveDirectoryW
GetFileAttributesW
GetModuleFileNameW
GetLastError
OutputDebugStringA
OutputDebugStringW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
TlsAlloc
TlsGetValue
TlsSetValue
FreeLibrary
GetEnvironmentVariableW
GetSystemInfo
MoveFileExW
DeleteFileW
FindFirstFileW
CreateDirectoryW
GetProcessHeap
HeapFree
GetFileInformationByHandleEx
HeapAlloc
CreateFileW
FormatMessageW
WaitForSingleObject
MultiByteToWideChar
GetUserDefaultUILanguage
Sleep
GetModuleHandleA
GetCurrentProcess
DuplicateHandle
CreatePipe
GetFileInformationByHandle
GetConsoleMode
FindClose
FindNextFileW
FreeEnvironmentStringsW
DeleteProcThreadAttributeList
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
CreateWaitableTimerExW
SetWaitableTimer
QueryPerformanceCounter
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
SetEnvironmentVariableW
ReleaseMutex
GetCommandLineW
SetFileInformationByHandle
HeapReAlloc
QueryPerformanceFrequency
GetProcessId
TerminateProcess
GetExitCodeProcess
SleepEx
WriteFileEx
GetCurrentProcessId
GetStdHandle
TlsFree

gdi32

CreateRectRgn
GetDeviceCaps
DeleteObject

dwmapi

DwmEnableBlurBehindWindow

ole32

CreateStreamOnHGlobal
CoTaskMemFree
CoInitializeEx
RevokeDragDrop
CoUninitialize
RegisterDragDrop
OleInitialize
CoCreateInstance
CoTaskMemAlloc

api-ms-win-shcore-scaling-l1-1-1

SetProcessDpiAwareness

comctl32

DefSubclassProc
RemoveWindowSubclass
SetWindowSubclass

shell32

ShellExecuteW
DragQueryFileW
DragFinish
SHGetKnownFolderPath
SHAppBarMessage

uxtheme

SetWindowTheme

advapi32

SystemFunction036
EventRegister
EventSetInformation
EventWriteTransfer
RegGetValueW
EventUnregister
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

oleaut32

GetErrorInfo
SysFreeString
SysStringLen
SetErrorInfo

bcrypt

BCryptGenRandom

ntdll

NtReadFile
NtWriteFile
RtlNtStatusToDosError
NtCreateFile

api-ms-win-crt-math-l1-1-0

trunc
floor
__setusermatherr
round
pow

api-ms-win-crt-string-l1-1-0

_wcsicmp
wcslen
strcpy_s
wcsncmp

api-ms-win-crt-convert-l1-1-0

_ultow_s
wcstol

api-ms-win-crt-runtime-l1-1-0

exit
_exit
_initterm
_get_initial_narrow_environment
_initialize_onexit_table
_register_onexit_function
_initialize_narrow_environment
__p___argc
__p___argv
_cexit
_initterm_e
_crt_atexit
_configure_narrow_argv
terminate
_seh_filter_exe
_c_exit
abort
_set_app_type
_register_thread_local_exe_atexit_callback

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode
_callnewh
calloc
malloc
free

Sections

.text
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 205KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

43ed6509b0731c54560420c74f2025bc

Code Sign

47:9e:0b:ca:68:5e:6d:8a:42:fa:23:22:17:59:1a:3dCertificate

Extended Key Usages

Key Usages

f0:78:1f:6a:94:c6:fc:b3:42:49:f2:64:ec:12:1d:b3:b0:9d:cb:91Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

comdlg32

shell32

normaliz

ws2_32

wldap32

crypt32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 279KB - Virtual size: 279KB

.data Size: 9KB - Virtual size: 19KB

.pdata Size: 54KB - Virtual size: 54KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 5KB - Virtual size: 5KB

7a6361d879c5048c350aa35ae14a21b8

Code Sign

47:9e:0b:ca:68:5e:6d:8a:42:fa:23:22:17:59:1a:3dCertificate

Extended Key Usages

Key Usages

62:89:70:3c:5f:28:85:ba:0b:bd:1d:49:e2:86:d2:2d:df:ca:9f:7cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcryptprimitives

api-ms-win-core-synch-l1-2-0

user32

kernel32

gdi32

dwmapi

ole32

api-ms-win-shcore-scaling-l1-1-1

comctl32

shell32

uxtheme

advapi32

oleaut32

bcrypt

ntdll

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 3.7MB - Virtual size: 3.7MB

.rdata Size: 2.5MB - Virtual size: 2.5MB

.data Size: 1KB - Virtual size: 13KB

.pdata Size: 181KB - Virtual size: 181KB

.rsrc Size: 205KB - Virtual size: 205KB

.reloc Size: 37KB - Virtual size: 36KB

47:9e:0b:ca:68:5e:6d:8a:42:fa:23:22:17:59:1a:3d
Certificate

f0:78:1f:6a:94:c6:fc:b3:42:49:f2:64:ec:12:1d:b3:b0:9d:cb:91
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 279KB - Virtual size: 279KB

.data
Size: 9KB - Virtual size: 19KB

.pdata
Size: 54KB - Virtual size: 54KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 5KB - Virtual size: 5KB

47:9e:0b:ca:68:5e:6d:8a:42:fa:23:22:17:59:1a:3d
Certificate

62:89:70:3c:5f:28:85:ba:0b:bd:1d:49:e2:86:d2:2d:df:ca:9f:7c
Signer

.text
Size: 3.7MB - Virtual size: 3.7MB

.rdata
Size: 2.5MB - Virtual size: 2.5MB

.data
Size: 1KB - Virtual size: 13KB

.pdata
Size: 181KB - Virtual size: 181KB

.rsrc
Size: 205KB - Virtual size: 205KB

.reloc
Size: 37KB - Virtual size: 36KB