Release[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Release.zip
Size

13.3MB
MD5

4f1b9153b377e74e06c671a7ba5e74c5
SHA1

ea2b3e10d3a8850075ae07a309d91aa2364525ec
SHA256

e96b84914c5c15d6bcba7aebec3082e9c7568cb17b37e73b5f35f1741bd81ab8
SHA512

d14c81307bd3f95b41ae472aa530479040a6acaa47a275b9e08741d219aef94e6c8abd4fe9591c85748b878e63ca0ebed9426b00ec6d34bc59acd48aa5a05c3a
SSDEEP

393216:xNAB7aJUS5DyhCYqEt1G95CKe0Y11IHSXOEnG:xNi7MUS5ZYqWKeB1+SXOEG

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Comet.exe
unpack001/bin/CometAuth.dll
unpack001/bin/instanceservice.exe

Files

Release.zip
.zip
Comet.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Administrator\Desktop\Comet 2\Comet 2\obj\Release\Comet.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 6.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Microsoft.Web.WebView2.Core.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:02:54:ca:2b:f3:cb:9d:da:a6:75:00:00:00:00:02:54
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:33

Not After

01/09/2022, 18:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

93:e6:53:3f:9d:fa:6e:e3:29:41:0c:61:5a:ec:4e:f0:a3:9b:c6:dd:0e:b2:67:6f:1d:91:23:07:ec:19:72:36
Signer

Actual PE Digest

93:e6:53:3f:9d:fa:6e:e3:29:41:0c:61:5a:ec:4e:f0:a3:9b:c6:dd:0e:b2:67:6f:1d:91:23:07:ec:19:72:36

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\third_party\edge_webview2\win\webview2_api_writer\dotNetAPIWrapper\Microsoft.Web.WebView2.Core\bin\ReleasePackage\Microsoft.Web.WebView2.Core.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 281KB - Virtual size: 280KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/CometAuth.dll
.dll windows:6 windows x86 arch:x86

776bfb700b592eb65047ce4c67f7c7bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

advapi32

CryptEncrypt

oleaut32

SysAllocString

msvcp140

?_Winerror_map@std@@YAHH@Z

vcruntime140

__std_terminate

api-ms-win-crt-runtime-l1-1-0

_initterm

api-ms-win-crt-string-l1-1-0

strncmp

api-ms-win-crt-heap-l1-1-0

malloc

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func

api-ms-win-crt-filesystem-l1-1-0

_stat64

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-utility-l1-1-0

qsort

ws2_32

accept

crypt32

CertFindCertificateInStore

wldap32

ord217

normaliz

IdnToAscii

user32

CharUpperBuffW

Exports

Exports

HWID
Verify

Sections

.text
Size: - Virtual size: 334KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.9(n
Size: - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.cW\
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.*};
Size: 6.5MB - Virtual size: 6.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 233B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bin/CometRepair.bat
bin/GameHub.json
bin/Monaco/index.html
.html .js polyglot
bin/Monaco/index.html.bak
.html
bin/Monaco/tabs/untitled
bin/Monaco/vs/base/worker/workerMain.js
.js
bin/Monaco/vs/basic-languages/bat/bat.js
bin/Monaco/vs/basic-languages/coffee/coffee.js
bin/Monaco/vs/basic-languages/cpp/cpp.js
bin/Monaco/vs/basic-languages/csharp/csharp.js
bin/Monaco/vs/basic-languages/csp/csp.js
bin/Monaco/vs/basic-languages/css/css.js
bin/Monaco/vs/basic-languages/dockerfile/dockerfile.js
bin/Monaco/vs/basic-languages/fsharp/fsharp.js
bin/Monaco/vs/basic-languages/go/go.js
bin/Monaco/vs/basic-languages/handlebars/handlebars.js
.js
bin/Monaco/vs/basic-languages/html/html.js
.js
bin/Monaco/vs/basic-languages/ini/ini.js
bin/Monaco/vs/basic-languages/java/java.js
bin/Monaco/vs/basic-languages/less/less.js
bin/Monaco/vs/basic-languages/lua/lua.js
bin/Monaco/vs/basic-languages/markdown/markdown.js
.js
bin/Monaco/vs/basic-languages/msdax/msdax.js
bin/Monaco/vs/basic-languages/mysql/mysql.js
bin/Monaco/vs/basic-languages/objective-c/objective-c.js
bin/Monaco/vs/basic-languages/pgsql/pgsql.js
bin/Monaco/vs/basic-languages/php/php.js
bin/Monaco/vs/basic-languages/postiats/postiats.js
bin/Monaco/vs/basic-languages/powershell/powershell.js
bin/Monaco/vs/basic-languages/pug/pug.js
bin/Monaco/vs/basic-languages/python/python.js
bin/Monaco/vs/basic-languages/r/r.js
bin/Monaco/vs/basic-languages/razor/razor.js
.js
bin/Monaco/vs/basic-languages/redis/redis.js
bin/Monaco/vs/basic-languages/redshift/redshift.js
bin/Monaco/vs/basic-languages/ruby/ruby.js
bin/Monaco/vs/basic-languages/rust/rust.js
bin/Monaco/vs/basic-languages/sb/sb.js
bin/Monaco/vs/basic-languages/scss/scss.js
bin/Monaco/vs/basic-languages/solidity/solidity.js
bin/Monaco/vs/basic-languages/sql/sql.js
bin/Monaco/vs/basic-languages/st/st.js
bin/Monaco/vs/basic-languages/swift/swift.js
bin/Monaco/vs/basic-languages/vb/vb.js
bin/Monaco/vs/basic-languages/xml/xml.js
bin/Monaco/vs/basic-languages/yaml/yaml.js
bin/Monaco/vs/editor/contrib/suggest/media/String_16x.svg
bin/Monaco/vs/editor/contrib/suggest/media/String_inverse_16x.svg
bin/Monaco/vs/editor/editor.main.css
bin/Monaco/vs/editor/editor.main.js
.js
bin/Monaco/vs/editor/editor.main.nls.de.js
bin/Monaco/vs/editor/editor.main.nls.es.js
bin/Monaco/vs/editor/editor.main.nls.fr.js
bin/Monaco/vs/editor/editor.main.nls.it.js
bin/Monaco/vs/editor/editor.main.nls.ja.js
bin/Monaco/vs/editor/editor.main.nls.js
bin/Monaco/vs/editor/editor.main.nls.ko.js
bin/Monaco/vs/editor/editor.main.nls.ru.js
bin/Monaco/vs/editor/editor.main.nls.zh-cn.js
bin/Monaco/vs/editor/editor.main.nls.zh-tw.js
bin/Monaco/vs/editor/standalone/browser/quickOpen/symbol-sprite.svg
bin/Monaco/vs/language/css/cssMode.js
.js
bin/Monaco/vs/language/css/cssWorker.js
.js
bin/Monaco/vs/language/html/htmlMode.js
.js
bin/Monaco/vs/language/html/htmlWorker.js
.js
bin/Monaco/vs/language/json/jsonMode.js
.js
bin/Monaco/vs/language/json/jsonWorker.js
.js
bin/Monaco/vs/language/typescript/lib/typescriptServices.js
.js
bin/Monaco/vs/language/typescript/tsMode.js
.js
bin/Monaco/vs/language/typescript/tsWorker.js
.js
bin/Monaco/vs/loader.js
.js
bin/Tab.json.bak
bin/instanceservice.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Xiaom\source\repos\多个游戏实例\多个游戏实例\obj\Release\多个游戏实例.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/rbxscripts.json
.js
bin/tab.json
bin/theme.json
bin/theme.json.bak

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 6.0MB - Virtual size: 6.0MB

.rsrc Size: 29KB - Virtual size: 28KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:02:54:ca:2b:f3:cb:9d:da:a6:75:00:00:00:00:02:54Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

93:e6:53:3f:9d:fa:6e:e3:29:41:0c:61:5a:ec:4e:f0:a3:9b:c6:dd:0e:b2:67:6f:1d:91:23:07:ec:19:72:36Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 281KB - Virtual size: 280KB

.rsrc Size: 1024B - Virtual size: 1000B

.reloc Size: 512B - Virtual size: 12B

776bfb700b592eb65047ce4c67f7c7bd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

oleaut32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

ws2_32

crypt32

wldap32

normaliz

user32

Exports

Exports

Sections

.text Size: - Virtual size: 334KB

.rdata Size: - Virtual size: 61KB

.data Size: - Virtual size: 3KB

.9(n Size: - Virtual size: 3.5MB

.cW\ Size: 2KB - Virtual size: 1KB

.*}; Size: 6.5MB - Virtual size: 6.5MB

.reloc Size: 2KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 233B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 2KB - Virtual size: 2KB

.rsrc Size: 55KB - Virtual size: 54KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 6.0MB - Virtual size: 6.0MB

.rsrc
Size: 29KB - Virtual size: 28KB

.reloc
Size: 512B - Virtual size: 12B

33:00:00:02:54:ca:2b:f3:cb:9d:da:a6:75:00:00:00:00:02:54
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

93:e6:53:3f:9d:fa:6e:e3:29:41:0c:61:5a:ec:4e:f0:a3:9b:c6:dd:0e:b2:67:6f:1d:91:23:07:ec:19:72:36
Signer

.text
Size: 281KB - Virtual size: 280KB

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: - Virtual size: 334KB

.rdata
Size: - Virtual size: 61KB

.data
Size: - Virtual size: 3KB

.9(n
Size: - Virtual size: 3.5MB

.cW\
Size: 2KB - Virtual size: 1KB

.*};
Size: 6.5MB - Virtual size: 6.5MB

.reloc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 233B

.text
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 55KB - Virtual size: 54KB

.reloc
Size: 512B - Virtual size: 12B