inject.pdb
Static task: static1
Behavioral task: behavioral1
Sample: inject.dll
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: inject.dll
Resource: win10v2004-20240802-en
General
Target: inject.7z
Size: 568KB
MD5: 43bdd8a6f7e18b476033dddfe6157559
SHA1: e3b2c4238e22c4af208752885830fae50249fcbd
SHA256: e25c92c7c4ebef1d0884a95e12a885cf4274b553d5fe369c873fcf6a54bc272d
SHA512: 58ee07d8b9d06da2fb6f3dc2ccfd7fedb085ea0b79fbd20386cca6d2b4fb5e5996d8e5a0e7aa99430d974f158778ab71bc56b8122047487e2ce9c392a68965c3
SSDEEP: 12288:gdeh6ZAdgZWdH4oht6LXssWPhxYkmbrH6nsBzi1O+boMXZG7+Wzo+KUpPyo9F:GrZAeZWdH4oMXsTcRrLBzYO+bVX41o4v
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/inject.dll
Files
-
inject.7z.7z
Password: infected
-
inject.dll.dll windows:6 windows x64 arch:x64
Password: infected
a1b866a2f8f3e910254b8b12c8f035bb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
bcryptprimitives
ProcessPrng
api-ms-win-core-synch-l1-2-0
WaitOnAddress
WakeByAddressSingle
WakeByAddressAll
bcrypt
BCryptGenRandom
advapi32
SystemFunction036
kernel32
WaitForSingleObject
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetCurrentThreadId
SetFileInformationByHandle
GetCurrentProcess
DuplicateHandle
GetCurrentThread
GetSystemTimeAsFileTime
FormatMessageW
LoadLibraryExA
InitializeSListHead
IsDebuggerPresent
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapFree
GetProcessHeap
DisableThreadLibraryCalls
GetStdHandle
AllocConsole
WriteFileEx
SleepEx
GetExitCodeProcess
SetThreadStackGuarantee
HeapReAlloc
lstrlenW
ReleaseMutex
HeapAlloc
OpenThread
IsProcessorFeaturePresent
Thread32Next
Thread32First
GetConsoleMode
CreateToolhelp32Snapshot
GetCurrentProcessId
VirtualProtect
GetModuleHandleW
GetModuleFileNameW
CreateNamedPipeW
ReadFileEx
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
MultiByteToWideChar
WriteConsoleW
WideCharToMultiByte
CreateThread
GetFullPathNameW
GetModuleHandleA
GetProcAddress
VirtualAlloc
CloseHandle
CompareStringOrdinal
DeleteProcThreadAttributeList
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
CreateFileW
FreeEnvironmentStringsW
ntdll
NtSetInformationThread
RtlNtStatusToDosError
NtWriteFile
oleaut32
SysStringLen
SysFreeString
vcruntime140
__C_specific_handler
_CxxThrowException
memcpy
memcmp
__CxxFrameHandler3
__std_type_info_destroy_list
memset
memmove
api-ms-win-crt-runtime-l1-1-0
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_seh_filter_dll
_cexit
_initterm
_execute_onexit_table
_initterm_e
api-ms-win-crt-heap-l1-1-0
free
Exports
DllMain
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 775KB - Virtual size: 774KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 896B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ