vermillion-2022 1[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

vermillion-2022 1.rar
Size

1.8MB
MD5

aa64b3dc88ef40193461aef6a8eb6b8b
SHA1

1da0fc67c7c41ad2a2fb8b5807c616394474ddbe
SHA256

5dce3178589799db78bf64cde294a7d76907e0f358c92886f8943a9ecc4e5736
SHA512

47ffb61ec851e87ea6c707076d6480598e251ed95502d2a4b2af1c6122d4d5d044a3ffbc3f613f2e0652c366380d0d17103903d734bcbd98542e59215c561491
SSDEEP

49152:2ce7c9ChfuhEDiJsRCwCFr++gMXnVTqesZs:2jw9C5kdJgbgbvV9

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Vermillion Hack 2022/Project4.hl.exe	upx

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Vermillion Hack 2022/Project4.dll
unpack001/Vermillion Hack 2022/Project4.hl.exe
unpack003/out.upx
unpack001/Vermillion Hack 2022/shiza.dll

Files

vermillion-2022 1.rar
.rar

Password: o-cs.ru
Vermillion Hack 2022/Project4.dll
.dll windows:6 windows x86 arch:x86

Password: o-cs.ru

d138ad463df811ff4aee43c9dd23d75a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
SetConsoleTitleA
VirtualAlloc
LoadLibraryA
FreeConsole
CreateThread
GetConsoleWindow
AllocConsole
VirtualQuery
WriteConsoleW
SetEndOfFile
CloseHandle
HeapCreate
HeapAlloc
HeapReAlloc
HeapFree
Sleep
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
OpenThread
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualProtect
GetModuleHandleW
GetProcAddress
CreateToolhelp32Snapshot
Thread32First
Thread32Next
VirtualFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
LCMapStringW
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetStdHandle
GetFileSizeEx
SetFilePointerEx
GetStringTypeW
CreateFileW
HeapSize
ReadFile
ReadConsoleW
DecodePointer

user32

ShowWindow

Sections

.text
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Vermillion Hack 2022/Project4.hl.exe
.exe windows:5 windows x86 arch:x86

Password: o-cs.ru

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 196KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Vermillion Hack 2022/injmthd.ini
Vermillion Hack 2022/mycfg.cfg
Vermillion Hack 2022/shiza.dll
.dll windows:6 windows x86 arch:x86

Password: o-cs.ru

e9f33c34083c46b80b14ca02be1d51fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualFree
VirtualAlloc
VirtualQuery
HeapCreate
VirtualProtect
HeapFree
GetCurrentProcess
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
Sleep
HeapReAlloc
CloseHandle
HeapAlloc
HeapDestroy
GetThreadContext
GetCurrentProcessId
GetModuleHandleW
FlushInstructionCache
SetThreadContext
OpenThread
WideCharToMultiByte
GetTickCount64
GetProcessHeap
IsBadReadPtr
FreeLibraryAndExitThread
CreateThread
DisableThreadLibraryCalls
FindFirstFileA
QueryPerformanceCounter
FindClose
DeleteFileA
WriteConsoleW
SetEndOfFile
HeapSize
CreateFileW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetFileSizeEx
GetConsoleOutputCP
WriteFile
FlushFileBuffers
GetCurrentDirectoryW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetProcAddress
QueryPerformanceFrequency
MultiByteToWideChar
FindNextFileA
GetModuleHandleA
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetFileType
GetStdHandle
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
GetFullPathNameW
GetDriveTypeW
ReadFile
LoadLibraryExW
FreeLibrary
SetLastError
GetLastError
InterlockedFlushSList
RtlUnwind
RaiseException
TlsFree
TlsGetValue
CreateSemaphoreW
TlsAlloc
InitializeCriticalSection
ReleaseSemaphore
TlsSetValue
TerminateProcess
InitializeSListHead
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetStringTypeW
LCMapStringEx
DecodePointer
EncodePointer
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
TryEnterCriticalSection
DeleteCriticalSection
GetSystemTimeAsFileTime

user32

ReleaseCapture
SetCursorPos
GetCursorPos
GetActiveWindow
SetWindowLongA
CallWindowProcA
DefWindowProcA
FindWindowA
ShowCursor
GetWindowRect
GetDesktopWindow
GetAsyncKeyState
GetKeyState
mouse_event
LoadCursorA
ScreenToClient
GetCapture
ClientToScreen
IsChild
TrackMouseEvent
GetForegroundWindow
SetCapture
SetCursor
GetClientRect

gdi32

SelectObject
GetTextExtentPointA
DeleteObject
CreateFontA

shell32

SHGetKnownFolderPath

opengl32

glPolygonMode
glPopMatrix
glVertex2f
glVertex2i
glBegin
glColor3f
glEnd
glListBase
glColor4ub
glRasterPos2i
glHint
wglUseFontBitmapsA
glCallLists
glGenLists
wglGetCurrentDC
glColor4f
glDepthFunc
glGetIntegerv
glPushAttrib
glOrtho
glPixelStorei
glShadeModel
glPushMatrix
glDisable
glDrawElements
glTexEnvi
glColorPointer
glTexImage2D
glGetTexEnviv
glTexCoordPointer
glDeleteTextures
glTexParameteri
glLoadIdentity
glBlendFunc
glMatrixMode
glDisableClientState
glScissor
glEnable
glVertexPointer
glGenTextures
glBindTexture
glLineWidth
glPopAttrib
glEnableClientState
glViewport

winmm

timeGetTime

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 489KB - Virtual size: 489KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.0
Size: 463KB - Virtual size: 463KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: o-cs.ru

Password: o-cs.ru

d138ad463df811ff4aee43c9dd23d75a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 86KB - Virtual size: 85KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 5KB - Virtual size: 4KB

Password: o-cs.ru

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 196KB

UPX1 Size: 10KB - Virtual size: 12KB

.rsrc Size: 168KB - Virtual size: 168KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 10KB - Virtual size: 9KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 168KB - Virtual size: 167KB

.reloc Size: 2KB - Virtual size: 1KB

Password: o-cs.ru

e9f33c34083c46b80b14ca02be1d51fa

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

opengl32

winmm

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 489KB - Virtual size: 489KB

.data Size: 10KB - Virtual size: 25KB

.0 Size: 463KB - Virtual size: 463KB

.reloc Size: 54KB - Virtual size: 53KB

.text
Size: 86KB - Virtual size: 85KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 5KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 196KB

UPX1
Size: 10KB - Virtual size: 12KB

.rsrc
Size: 168KB - Virtual size: 168KB

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 168KB - Virtual size: 167KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 489KB - Virtual size: 489KB

.data
Size: 10KB - Virtual size: 25KB

.0
Size: 463KB - Virtual size: 463KB

.reloc
Size: 54KB - Virtual size: 53KB