multi[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

multi.rar
Size

548KB
MD5

c411dd94f1fbf8f6cfa01d38fd014f8c
SHA1

6426752c566c4481ecbb758b8a9a2d23c40398b8
SHA256

30dab142fe678eb214444cb9d51bcfa3d3d9fc255a16cf69f28913c1f71962f9
SHA512

005d41f1309b6974fd21b79cc1fdf0dc7b0c3cec67d825c940a24c378c162f222bbc3eadfc40ba069a01c21479f8e8a291e570a44c475dc68c896d9919eff538
SSDEEP

12288:/KvpCOepN0ro6WGGSRKYgHPNOiucvyp9XIOlK3kFjrd7eGxDN:ihCOA0ra6KYgNOLrp9Xo6jrdCEDN

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/multi/BySfFZI.dll
unpack001/multi/NeutrinoAgent.dll
unpack001/multi/NeutrinoInjector.exe
unpack001/multi/multi.dll

Files

multi.rar
.rar
multi/BySfFZI.dll
.dll windows:6 windows x86 arch:x86

0cbdca504a94b48b7ab652684a0bd5de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

MessageBeep
MessageBoxA

kernel32

SuspendThread
WriteConsoleW
SetEndOfFile
VirtualProtect
GetCurrentProcess
VirtualAlloc
Thread32Next
Thread32First
ResumeThread
GetModuleHandleA
OpenProcess
CreateToolhelp32Snapshot
MultiByteToWideChar
DeleteFileA
CloseHandle
K32GetModuleInformation
CreateThread
GetProcAddress
GetCurrentProcessId
WideCharToMultiByte
OpenThread
LocalFree
FormatMessageA
GetLocaleInfoEx
GetCurrentDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFullPathNameW
AreFileApisANSI
GetLastError
GetModuleHandleW
GetFileInformationByHandleEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
Sleep
GetCurrentThreadId
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualFree
VirtualQuery
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
IsProcessorFeaturePresent
IsDebuggerPresent
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
GetProcessHeap
FreeLibrary
HeapSize
RtlUnwind
InterlockedFlushSList
GetModuleFileNameW
LoadLibraryExW
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetDriveTypeW
ExitProcess
GetModuleHandleExW
GetFileSizeEx
SetFilePointerEx
GetStdHandle
GetFileType
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadFile
GetTimeZoneInformation
ReadConsoleW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle

Sections

.text
Size: 202KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
multi/NeutrinoAgent.dll
.dll windows:6 windows x86 arch:x86

29f4d3e01edab1123ff22cde32bbfed2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
VirtualAllocEx
CreateRemoteThread
CloseHandle
OpenThread
GetCurrentProcess
Sleep
HeapFree
LoadLibraryA
GetLastError
GetModuleHandleA
ResumeThread
FindClose
FindNextFileA
VirtualAlloc
FindFirstFileExA
VirtualFree
VirtualProtect
WriteProcessMemory
HeapReAlloc
HeapAlloc
HeapDestroy
HeapCreate
GetCurrentThreadId
GetCurrentProcessId
SuspendThread
GetThreadContext
SetThreadContext
FlushInstructionCache
GetModuleHandleW
CreateToolhelp32Snapshot
Thread32First
Thread32Next
VirtualQuery
IsDebuggerPresent
RaiseException
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
GetProcessHeap
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter

user32

MessageBoxA

advapi32

CloseServiceHandle
OpenSCManagerA
ControlService
StartServiceA
OpenServiceA
RegCloseKey
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA

msvcp140

?_Xlength_error@std@@YAXPBD@Z

vcruntime140

_except_handler4_common
__std_type_info_destroy_list
_CxxThrowException
__vcrt_LoadLibraryExW
memcpy
wcsstr
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3
memcmp
memchr
__vcrt_GetModuleFileNameW
memset
memmove
__std_terminate

api-ms-win-crt-runtime-l1-1-0

_cexit
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_invalid_parameter_noinfo_noreturn
_seh_filter_dll
_initterm
_initterm_e

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

api-ms-win-crt-string-l1-1-0

strcpy_s
strcat_s

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
multi/NeutrinoInjector.exe
.exe windows:6 windows x86 arch:x86

17e836fa6f19c09cad0325cb075329e9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
VirtualProtectEx
GetThreadContext
GetProcAddress
VirtualAllocEx
LoadLibraryA
ExitProcess
ReadProcessMemory
CreateRemoteThread
CreateProcessA
VirtualFreeEx
CreateFileW
CreateFileA
GetLastError
Sleep
GetExitCodeThread
WaitForSingleObject
VirtualAlloc
SetConsoleTitleA
VirtualFree
WriteProcessMemory
GetFileSize
ReadFile
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
RaiseException
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetDriveTypeW
GetFullPathNameW
GetStdHandle
WriteFile
GetModuleFileNameW
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapFree
HeapAlloc
GetFileType
CompareStringW
LCMapStringW
GetExitCodeProcess
CreateProcessW
GetFileAttributesExW
MultiByteToWideChar
WideCharToMultiByte
GetCurrentDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
GetProcessHeap
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
HeapSize
HeapReAlloc
DecodePointer
WriteConsoleW

advapi32

AdjustTokenPrivileges
OpenProcessToken
RegCloseKey
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA

Sections

.text
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
multi/multi.dll
.dll windows:6 windows x86 arch:x86

5b1947824157a41dec45c53c8139279c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\m4tri\Desktop\skype\visuals.pdb

Imports

kernel32

GetModuleFileNameA
GetModuleHandleExW
GetModuleFileNameW
GetModuleHandleExA
GetModuleHandleW
VirtualProtect
HeapSize
CreateFileW
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
QueryPerformanceCounter
FindClose
OutputDebugStringW
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
FreeLibrary
GetProcAddress
QueryPerformanceFrequency
LoadLibraryA
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
CreateThread
K32GetModuleInformation
SetFilePointerEx
GetFileSizeEx
GetCurrentThread
DisableThreadLibraryCalls
Sleep
GetModuleHandleA
FindFirstFileExW
GetCurrentProcess
ExitProcess
WriteConsoleW
GetFileType
GetStdHandle
HeapCreate
HeapFree
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
GetLastError
HeapReAlloc
CloseHandle
HeapAlloc
GetThreadContext
GetCurrentProcessId
FlushInstructionCache
SetThreadContext
OpenThread
VirtualFree
VirtualAlloc
VirtualQuery
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
SetLastError
LoadLibraryExW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
RaiseException
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ReadFile
SetEndOfFile

user32

CreateWindowExA
MessageBoxA
CallWindowProcA
SetWindowLongA
GetAsyncKeyState
GetActiveWindow
GetKeyState
LoadCursorA
ScreenToClient
GetCapture
ClientToScreen
TrackMouseEvent
GetForegroundWindow
SetCapture
SetCursor
GetClientRect
ReleaseCapture
SetCursorPos
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
DestroyWindow

d3d9

Direct3DCreate9

imm32

ImmSetCandidateWindow
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmAssociateContextEx

Sections

.text
Size: 506KB - Virtual size: 505KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0cbdca504a94b48b7ab652684a0bd5de

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

Sections

.text Size: 202KB - Virtual size: 201KB

.rdata Size: 50KB - Virtual size: 49KB

.data Size: 5KB - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 9KB - Virtual size: 9KB

29f4d3e01edab1123ff22cde32bbfed2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

Sections

.text Size: 26KB - Virtual size: 26KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

17e836fa6f19c09cad0325cb075329e9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 95KB - Virtual size: 94KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 2KB - Virtual size: 5KB

.rsrc Size: 24KB - Virtual size: 24KB

.reloc Size: 5KB - Virtual size: 4KB

5b1947824157a41dec45c53c8139279c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

d3d9

imm32

Sections

.text Size: 506KB - Virtual size: 505KB

.rdata Size: 128KB - Virtual size: 128KB

.data Size: 35KB - Virtual size: 41KB

.detourc Size: 4KB - Virtual size: 4KB

.detourd Size: 512B - Virtual size: 12B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 21KB - Virtual size: 20KB

.text
Size: 202KB - Virtual size: 201KB

.rdata
Size: 50KB - Virtual size: 49KB

.data
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 9KB - Virtual size: 9KB

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 95KB - Virtual size: 94KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 2KB - Virtual size: 5KB

.rsrc
Size: 24KB - Virtual size: 24KB

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 506KB - Virtual size: 505KB

.rdata
Size: 128KB - Virtual size: 128KB

.data
Size: 35KB - Virtual size: 41KB

.detourc
Size: 4KB - Virtual size: 4KB

.detourd
Size: 512B - Virtual size: 12B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 21KB - Virtual size: 20KB