v2[.]1[.]3[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

v2.1.3.rar
Size

12.3MB
MD5

624c442ee7e5fc8457221244cf11de63
SHA1

9bd84f39b9334daf75bce0cbf46c4a5fec8df188
SHA256

ada56b0341f07442cf71b9ae1f3c7c822e7d2982d47ad20820642ea299ca4014
SHA512

665df596d5d08239a03f3b6ec6eb8bbeb8be7848dbb3cbe8e2fa2a147b0ea2c448c4022303609a27936c4b1522450c1b4cb54d79a345a3fdf3ad5cf4f496a849
SSDEEP

196608:Aafq2r1MdmWYv9R6dkIcUA1x6e7OfUyz7uQgLR6DpG7f/GE2gNcXdZ4WrD5u:AY82ckfV8tfUKtgay/nNujrD5u

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/v2.1.3/Medal.exe
unpack001/v2.1.3/Sentinal.dll

Files

v2.1.3.rar
.rar
v2.1.3/Medal.exe
.exe windows:6 windows x64 arch:x64

a02e594d522716cfde572fb3f7784069

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_43

D3DCompile

kernel32

GetCurrentProcess
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

GetWindowRect

gdi32

CreateSolidBrush

advapi32

RegSetValueExA

shell32

SHGetFolderPathW

msvcp140

?_Winerror_map@std@@YAHH@Z

d3dx11_43

D3DX11CreateShaderResourceViewFromMemory

ntdll

RtlInitAnsiString

dbghelp

ImageRvaToVa

imm32

ImmSetCompositionWindow

dwmapi

DwmExtendFrameIntoClientArea

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcmp

api-ms-win-crt-heap-l1-1-0

_callnewh

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv

api-ms-win-crt-stdio-l1-1-0

__p__commode

api-ms-win-crt-math-l1-1-0

cosf

api-ms-win-crt-convert-l1-1-0

strtod

api-ms-win-crt-filesystem-l1-1-0

_unlock_file

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-string-l1-1-0

_stricmp

api-ms-win-crt-environment-l1-1-0

getenv

Sections

.text
Size: - Virtual size: 926KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 273KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.2I2
Size: - Virtual size: 6.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.:Az
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.1~{
Size: 8.5MB - Virtual size: 8.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 214KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
v2.1.3/Sentinal.dll
.dll windows:6 windows x64 arch:x64

826ef16799ff27bb9b68f910d876b3b2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ws2_32

getaddrinfo

wldap32

ord41

crypt32

CertFreeCertificateContext

advapi32

ReportEventW
RegCloseKey

kernel32

WideCharToMultiByte
GetModuleHandleA

user32

MessageBoxA
DefWindowProcW

shell32

ShellExecuteA
SHGetDiskFreeSpaceA

shlwapi

PathFindFileNameA

userenv

UnloadUserProfile

rpcrt4

RpcStringFreeA

bcrypt

BCryptGenRandom

imagehlp

ImageNtHeader

wintrust

WinVerifyTrust

Exports

Exports

s_activate
s_filestream
s_get_expiry
s_get_level
s_get_response
s_get_username
s_init
s_log
s_login
s_registr
s_token
s_var

Sections

.rsrc
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 772KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pdata
Size: - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a02e594d522716cfde572fb3f7784069

Headers

DLL Characteristics

File Characteristics

Imports

d3d11

d3dcompiler_43

kernel32

user32

gdi32

advapi32

shell32

msvcp140

d3dx11_43

ntdll

dbghelp

imm32

dwmapi

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-environment-l1-1-0

Sections

.text Size: - Virtual size: 926KB

.rdata Size: - Virtual size: 273KB

.data Size: - Virtual size: 20KB

.pdata Size: - Virtual size: 40KB

.2I2 Size: - Virtual size: 6.7MB

.:Az Size: 4KB - Virtual size: 4KB

.1~{ Size: 8.5MB - Virtual size: 8.5MB

.rsrc Size: 214KB - Virtual size: 214KB

826ef16799ff27bb9b68f910d876b3b2

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wldap32

crypt32

advapi32

kernel32

user32

shell32

shlwapi

userenv

rpcrt4

bcrypt

imagehlp

wintrust

Exports

Exports

Sections

.rsrc Size: - Virtual size: 2.3MB

.rdata Size: - Virtual size: 772KB

.reloc Size: - Virtual size: 64KB

.reloc Size: - Virtual size: 104KB

.reloc Size: 30KB - Virtual size: 32KB

.pdata Size: - Virtual size: 6.4MB

.pdata Size: 114KB - Virtual size: 114KB

.text
Size: - Virtual size: 926KB

.rdata
Size: - Virtual size: 273KB

.data
Size: - Virtual size: 20KB

.pdata
Size: - Virtual size: 40KB

.2I2
Size: - Virtual size: 6.7MB

.:Az
Size: 4KB - Virtual size: 4KB

.1~{
Size: 8.5MB - Virtual size: 8.5MB

.rsrc
Size: 214KB - Virtual size: 214KB

.rsrc
Size: - Virtual size: 2.3MB

.rdata
Size: - Virtual size: 772KB

.reloc
Size: - Virtual size: 64KB

.reloc
Size: - Virtual size: 104KB

.reloc
Size: 30KB - Virtual size: 32KB

.pdata
Size: - Virtual size: 6.4MB

.pdata
Size: 114KB - Virtual size: 114KB