Vision_loader_fnhack[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Vision_loader_fnhack.zip
Size

260KB
MD5

1bc4b34f565ef45d6d16c01b430ce2d6
SHA1

d4261020edcf4b71a5b261fddb3a859c352f94e2
SHA256

ec601c36feeee576997eef1353981acd1f1f33506fb997afee602f1d90b2e3df
SHA512

b29714353bfc4d4c60b3bea036ce15a756b91c4f4d273a605e53018afee07d337049cd715a8fa89da00b23c4942dcd38aed15bfed6f9cd07786e98adc903b667
SSDEEP

6144:FeW2kFFwavtnSX3v33W6yXw0EVUqcL8aXSbExY:FeWRLpvpSnvMFdqcL1zxY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/loader_fn_hack.exe

Files

Vision_loader_fnhack.zip
.zip
__MACOSX/._loader_fn_hack.exe
coolscriptcrossbowprediction.lua
.js
loader_fn_hack.exe
.exe windows:6 windows x64 arch:x64

83a61e7822878b96ed942784091b0b71

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

dwmapi

DwmExtendFrameIntoClientArea

kernel32

GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
QueryPerformanceFrequency
QueryPerformanceCounter
CreateToolhelp32Snapshot
MultiByteToWideChar
Sleep
Process32NextW
CloseHandle
CreateThread
WideCharToMultiByte
GetConsoleWindow
SetConsoleTitleW
LoadLibraryA
GetModuleHandleW
WaitForSingleObjectEx
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
GetCurrentProcessId
LeaveCriticalSection
GetCurrentThreadId
GetSystemTimeAsFileTime
EnterCriticalSection
InitializeSListHead
GetCurrentProcess
TerminateProcess
OutputDebugStringW
DeleteCriticalSection
GetLastError
InitializeCriticalSectionEx
GetProcAddress
IsDebuggerPresent
CreateEventW

user32

GetWindowLongW
SetClipboardData
DefWindowProcW
GetWindow
GetWindowRect
DestroyWindow
SetWindowPos
CreateWindowExW
GetSystemMetrics
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
SetCursorPos
ReleaseCapture
GetClientRect
SetCursor
SetCapture
LoadCursorW
ClientToScreen
UnregisterClassW
GetCapture
RegisterClassExW
ShowWindow
DispatchMessageW
PeekMessageW
GetForegroundWindow
MoveWindow
GetActiveWindow
ScreenToClient
GetKeyState
TranslateMessage
SetWindowLongW
PostQuitMessage
FindWindowA
UpdateWindow

msvcp140

?_Xlength_error@std@@YAXPEBD@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

d3d9

Direct3DCreate9Ex

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcpy
memcmp
memchr
memmove
memset
_CxxThrowException
__C_specific_handler
__current_exception_context
__current_exception
strchr
strstr
__std_terminate
__std_exception_copy
__std_exception_destroy

api-ms-win-crt-runtime-l1-1-0

_c_exit
__p___argv
system
__p___argc
terminate
_invalid_parameter_noinfo_noreturn
_configure_narrow_argv
_initialize_narrow_environment
_exit
_initterm_e
_register_thread_local_exe_atexit_callback
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
exit

api-ms-win-crt-stdio-l1-1-0

ftell
__acrt_iob_func
_get_stream_buffer_pointers
_fseeki64
fsetpos
ungetc
setvbuf
fgetpos
__stdio_common_vsnprintf_s
__p__commode
fgetc
__stdio_common_vsprintf_s
fputc
_set_fmode
fflush
fclose
fseek
__stdio_common_vsscanf
fread
__stdio_common_vsprintf
_wfopen
fwrite
__stdio_common_vfprintf

api-ms-win-crt-string-l1-1-0

strncpy
isprint
strcmp

api-ms-win-crt-utility-l1-1-0

qsort
rand

api-ms-win-crt-heap-l1-1-0

free
malloc
_set_new_mode
_callnewh

api-ms-win-crt-convert-l1-1-0

atof
wcstombs_s

api-ms-win-crt-filesystem-l1-1-0

remove
_unlock_file
_lock_file

api-ms-win-crt-math-l1-1-0

tanf
powf
sinf
__setusermatherr
sqrtf
pow
floorf
cosf
ceilf
asin
fmodf

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 278KB - Virtual size: 277KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 147KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

83a61e7822878b96ed942784091b0b71

Headers

DLL Characteristics

File Characteristics

Imports

dwmapi

kernel32

user32

msvcp140

imm32

d3d9

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 278KB - Virtual size: 277KB

.rdata Size: 54KB - Virtual size: 53KB

.data Size: 147KB - Virtual size: 150KB

.pdata Size: 13KB - Virtual size: 12KB

_RDATA Size: 512B - Virtual size: 464B

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 512B - Virtual size: 368B

.text
Size: 278KB - Virtual size: 277KB

.rdata
Size: 54KB - Virtual size: 53KB

.data
Size: 147KB - Virtual size: 150KB

.pdata
Size: 13KB - Virtual size: 12KB

_RDATA
Size: 512B - Virtual size: 464B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 512B - Virtual size: 368B