file_1a8ae49d183545cca83b9d83fc1066db_2024-08-08_14_21_50_013000[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

file_1a8ae49d183545cca83b9d83fc1066db_2024-08-08_14_21_50_013000.zip
Size

4.3MB
MD5

4aa02a6b7ac7bee34b4742c0f9d2278d
SHA1

d79e439a66d927d3856b29c4b1532df1ecd79f67
SHA256

27525461dd311f524424646cbfad471d509708475bd646913387860f622ee6ae
SHA512

ef7881c12b5c1e8ef24178a72471e3a74441553fb9e3dfbac6fdebff2beb2ac0f3c382ead7fcd1eabedbf255f4629db4c4f5762137a36abf253a550afe2d3ad6
SSDEEP

98304:2llF4j0Grbq5cs/3kyY8PUV8OXQr+KveXnavZcWl83vNoTQfA/XhvWFVT/STf5j:2DF4o4G5R3kyYkUV8yQrmXnucoQIQFVG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/entry001/CAST Highlight Code Reader.exe

Files

file_1a8ae49d183545cca83b9d83fc1066db_2024-08-08_14_21_50_013000.zip
.zip
entry001/CAST Highlight Code Reader.exe
.exe windows:6 windows x64 arch:x64

93ef339edde4c8dace887b55b0fc8278

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

cast_highlight_code_reader.pdb

Imports

bcryptprimitives

ProcessPrng

api-ms-win-core-synch-l1-2-0

WakeByAddressSingle
WaitOnAddress
WakeByAddressAll

kernel32

RtlPcToFileHeader
LoadLibraryW
UnhandledExceptionFilter
RaiseException
EncodePointer
DeleteCriticalSection
RtlUnwindEx
GetModuleHandleW
SleepConditionVariableSRW
SetUnhandledExceptionFilter
LCIDToLocaleName
lstrlenW
CreateMutexA
WaitForSingleObjectEx
GetTempPathW
InitializeCriticalSectionAndSpinCount
CreateThread
WideCharToMultiByte
WriteConsoleW
WakeAllConditionVariable
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
CreateProcessW
GetWindowsDirectoryW
GetSystemDirectoryW
WaitForMultipleObjects
LoadLibraryA
ReadFileEx
CreateNamedPipeW
ExitProcess
CancelIo
GlobalLock
GlobalUnlock
CreateEventW
GlobalAlloc
CopyFileExW
GetFinalPathNameByHandleW
SetFileAttributesW
CreateHardLinkW
CreateSymbolicLinkW
RemoveDirectoryW
MoveFileExW
DeleteFileW
IsDebuggerPresent
MultiByteToWideChar
InitializeSListHead
FindFirstFileW
CreateDirectoryW
GetFileInformationByHandleEx
CreateFileW
GetUserDefaultUILanguage
FindNextFileW
GetFileAttributesW
GetModuleFileNameW
OutputDebugStringA
OutputDebugStringW
GetLastError
CreateMutexW
ReleaseMutex
TlsAlloc
LoadLibraryExW
IsProcessorFeaturePresent
FreeLibrary
GetEnvironmentVariableW
HeapReAlloc
GetSystemTimePreciseAsFileTime
GetProcessHeap
HeapFree
TerminateProcess
GetExitCodeProcess
SleepEx
WriteFileEx
HeapAlloc
WaitForSingleObject
GetCurrentProcessId
GetStdHandle
FormatMessageW
GetCurrentProcess
DuplicateHandle
SetFilePointerEx
SetFileInformationByHandle
FlushFileBuffers
GetCommandLineW
SetEnvironmentVariableW
GetEnvironmentStringsW
GetCurrentDirectoryW
SetLastError
RtlVirtualUnwind
RtlLookupFunctionEntry
SetHandleInformation
RtlCaptureContext
SetWaitableTimer
CreateWaitableTimerExW
SwitchToThread
GetCurrentThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
TlsFree
CompareStringOrdinal
DeleteProcThreadAttributeList
FreeEnvironmentStringsW
GetConsoleMode
GetFileInformationByHandle
GetQueuedCompletionStatusEx
GetSystemInfo
PostQueuedCompletionStatus
ReadFile
GetOverlappedResult
GetProcAddress
SetFileCompletionNotificationModes
TlsGetValue
Sleep
CreatePipe
GetModuleHandleA
AcquireSRWLockExclusive
TerminateJobObject
Thread32Next
ResumeThread
OpenThread
Thread32First
CreateToolhelp32Snapshot
GetProcessId
AssignProcessToJobObject
SetInformationJobObject
CreateIoCompletionPort
CreateJobObjectW
GetCurrentThreadId
SetFileTime
GetTimeZoneInformation
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemTimeAsFileTime
ReleaseSRWLockExclusive
TlsSetValue
FindClose
CloseHandle
FileTimeToSystemTime
GetFullPathNameW

user32

DispatchMessageW
DispatchMessageA
GetMessageA
TranslateMessage
TranslateAcceleratorW
SetForegroundWindow
GetAncestor
SetWindowTextW
GetMessageW
MapVirtualKeyW
GetWindowLongW
SystemParametersInfoA
SetClipboardData
RegisterClipboardFormatW
EmptyClipboard
CloseClipboard
GetUpdateRect
PeekMessageW
GetClipboardData
GetClientRect
PostThreadMessageW
IsWindowVisible
AdjustWindowRectEx
GetWindowRect
ToUnicodeEx
GetKeyboardLayout
GetRawInputData
UnregisterHotKey
RegisterHotKey
IsProcessDPIAware
GetDC
PostQuitMessage
SendInput
AppendMenuW
FlashWindowEx
CreateMenu
SetMenuItemInfoW
ValidateRect
ClientToScreen
LoadCursorW
GetTouchInputInfo
MonitorFromPoint
RedrawWindow
EnumDisplayMonitors
CreateIcon
CreateAcceleratorTableW
TrackMouseEvent
ScreenToClient
VkKeyScanW
SendMessageW
CreateWindowExW
MapVirtualKeyExW
RegisterClassExW
CloseTouchInputHandle
FindWindowW
GetKeyState
GetAsyncKeyState
GetKeyboardState
SetWindowDisplayAffinity
GetMenu
ShowCursor
ClipCursor
GetClipCursor
GetSystemMenu
SetWindowLongW
ShowWindow
CheckMenuItem
EnableMenuItem
DestroyIcon
DestroyAcceleratorTable
SetCapture
MsgWaitForMultipleObjectsEx
RegisterRawInputDevices
RegisterWindowMessageA
SetCursor
EnumChildWindows
DefWindowProcW
MonitorFromRect
MessageBoxW
PostMessageW
GetWindowLongPtrW
SetWindowLongPtrW
DestroyWindow
OpenClipboard
RegisterTouchWindow
GetSystemMetrics
IsWindow
GetForegroundWindow
SetCursorPos
ReleaseCapture
GetActiveWindow
SetMenu
InvalidateRgn
GetWindowPlacement
SetWindowPlacement
ChangeDisplaySettingsExW
SetWindowPos
GetMonitorInfoW
MonitorFromWindow
GetCursorPos

secur32

DecryptMessage
AcceptSecurityContext
FreeContextBuffer
EncryptMessage
FreeCredentialsHandle
ApplyControlToken
QueryContextAttributesW
DeleteSecurityContext
AcquireCredentialsHandleA
InitializeSecurityContextW

crypt32

CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertOpenStore
CertCloseStore
CertDuplicateStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertDuplicateCertificateChain
CertFreeCertificateChain
CertGetCertificateChain
CertVerifyCertificateChainPolicy

ws2_32

select
freeaddrinfo
getsockname
getpeername
getaddrinfo
WSASocketW
bind
connect
ioctlsocket
getsockopt
shutdown
recv
closesocket
send
WSASend
setsockopt
WSAIoctl
WSACleanup
WSAStartup
WSAGetLastError

comctl32

DefSubclassProc
RemoveWindowSubclass
SetWindowSubclass

ole32

RegisterDragDrop
OleInitialize
CreateStreamOnHGlobal
CoUninitialize
RevokeDragDrop
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitializeEx

gdi32

GetDeviceCaps
DeleteObject
CreateRectRgn

dwmapi

DwmEnableBlurBehindWindow

advapi32

RegOpenKeyExW
RegQueryValueExW
RegGetValueW
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister
RegCloseKey

shell32

DragFinish
ShellExecuteW
DragQueryFileW
SHGetKnownFolderPath
SHCreateItemFromParsingName

uxtheme

SetWindowTheme

oleaut32

SysStringLen
SysFreeString
GetErrorInfo
SetErrorInfo

ntdll

NtCancelIoFileEx
NtWriteFile
RtlGetNtVersionNumbers
NtDeviceIoControlFile
NtCreateFile
NtReadFile
RtlNtStatusToDosError

bcrypt

BCryptGenRandom

api-ms-win-crt-string-l1-1-0

strcpy_s
wcsncmp
strlen
wcslen
_wcsicmp

api-ms-win-crt-math-l1-1-0

round
trunc
__setusermatherr
ceilf
pow
floor

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
calloc
free
_set_new_mode

api-ms-win-crt-convert-l1-1-0

_ultow_s
wcstol

api-ms-win-crt-runtime-l1-1-0

_get_initial_narrow_environment
_exit
_initterm
_initialize_narrow_environment
__p___argc
_c_exit
_configure_narrow_argv
_register_thread_local_exe_atexit_callback
_set_app_type
_seh_filter_exe
__p___argv
abort
exit
terminate
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_cexit
_initterm_e

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 6.8MB - Virtual size: 6.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 360KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
manifest.json

Sharing

General

Malware Config

Signatures

Files

93ef339edde4c8dace887b55b0fc8278

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcryptprimitives

api-ms-win-core-synch-l1-2-0

kernel32

user32

secur32

crypt32

ws2_32

comctl32

ole32

gdi32

dwmapi

advapi32

shell32

uxtheme

oleaut32

ntdll

bcrypt

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 6.8MB - Virtual size: 6.8MB

.rdata Size: 3.7MB - Virtual size: 3.7MB

.data Size: 13KB - Virtual size: 24KB

.pdata Size: 360KB - Virtual size: 360KB

.rsrc Size: 45KB - Virtual size: 44KB

.reloc Size: 44KB - Virtual size: 43KB

.text
Size: 6.8MB - Virtual size: 6.8MB

.rdata
Size: 3.7MB - Virtual size: 3.7MB

.data
Size: 13KB - Virtual size: 24KB

.pdata
Size: 360KB - Virtual size: 360KB

.rsrc
Size: 45KB - Virtual size: 44KB

.reloc
Size: 44KB - Virtual size: 43KB