inject.pdb
Static task
static1
Behavioral task
behavioral1
Sample
inject.dll
Resource
win11-20240802-en
General
Target: inject.7z
Size: 567KB
MD5: a90df362c8e9554ae21f48f54dd166a4
SHA1: e157381ff8a8dbd3202cec2763a6f5787c9510cf
SHA256: 8140b5f3e1ddffbbc92b161a675214f0aab3ed08937c7e2025c63d290c1afa2b
SHA512: 81070f421b8ec80aaa1aacbcb2a44998c85a248a1157fd196ef112b6ccf4ef5c9a5adb450be58d3688dea9eb501995c0afd686b2ffcd290b821026ab5f3528f7
SSDEEP: 12288:rwvxwO7zpIPsJDvJxXqOna/PxgBkyIMcQQLOBPfnJEaOOShq:svxZpIsDvJx6b/PXyOOthEaIc
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/inject.dll
Files
-
inject.7z.7z
Password: infected
-
inject.dll.dll windows:6 windows x64 arch:x64
Password: infected
45f78797e3692c74693143df6467dc47
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
bcryptprimitives
ProcessPrng
api-ms-win-core-synch-l1-2-0
WaitOnAddress
WakeByAddressSingle
WakeByAddressAll
bcrypt
BCryptGenRandom
advapi32
SystemFunction036
kernel32
WaitForSingleObject
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetCurrentThreadId
SetFileInformationByHandle
GetCurrentProcess
DuplicateHandle
GetCurrentThread
GetSystemTimeAsFileTime
FormatMessageW
LoadLibraryExA
HeapFree
GetProcessHeap
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
AllocConsole
GetStdHandle
DisableThreadLibraryCalls
WriteFileEx
SleepEx
GetExitCodeProcess
SetThreadStackGuarantee
HeapReAlloc
lstrlenW
ReleaseMutex
HeapAlloc
OpenThread
IsProcessorFeaturePresent
Thread32Next
Thread32First
GetConsoleMode
CreateToolhelp32Snapshot
GetCurrentProcessId
VirtualProtect
GetModuleHandleW
GetModuleFileNameW
CreateNamedPipeW
ReadFileEx
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
MultiByteToWideChar
WriteConsoleW
WideCharToMultiByte
CreateThread
GetFullPathNameW
GetModuleHandleA
GetProcAddress
VirtualAlloc
CloseHandle
CompareStringOrdinal
DeleteProcThreadAttributeList
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
CreateFileW
FreeEnvironmentStringsW
ntdll
NtSetInformationThread
RtlNtStatusToDosError
NtWriteFile
oleaut32
SysFreeString
SysStringLen
vcruntime140
__C_specific_handler
_CxxThrowException
memcpy
memcmp
__CxxFrameHandler3
__std_type_info_destroy_list
memset
memmove
api-ms-win-crt-runtime-l1-1-0
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_seh_filter_dll
_initterm
_cexit
_execute_onexit_table
_initterm_e
api-ms-win-crt-heap-l1-1-0
free
Exports
DllMain
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 773KB - Virtual size: 773KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 896B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ