storm_softworks_v1[.]3[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

storm_softworks_v1.3.zip
Size

7.0MB
MD5

eb70579f1134c6263741b4231f09df1e
SHA1

b944362780cb46bf760dbe640bba7f3453273fef
SHA256

c22a84d10fce50883d8a908f73dc0f27747217f915eac78446096c27f52fcbb3
SHA512

3bf89a7c5dd749724f38c833b22ab51976b93f871b171b57e23f58adf4e33707b08e69cfa898334f0f00902da7e9d413385e21cc04d2a9984d253786d208f89c
SSDEEP

196608:qvkt7I4N28JQ4S9dSEhBxfGUM9T/hepuPbLbBxlDAjVboEVtaK:2o7IVOHCPfOT/heidx5ARVx

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Debug/Storm.exe
unpack001/Debug/storm.dll
unpack001/Debug/zstd.dll

Files

storm_softworks_v1.3.zip
.zip
Debug/ICSharpCode.AvalonEdit.xml
.xml
Debug/Storm.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\avtar\Desktop\Storm\Storm\obj\Debug\Storm.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 512KB - Virtual size: 511KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Debug/lib/syntax.xshd
.xml
Debug/scripts/7540891731.txt
Debug/scripts/9390279947.txt
Debug/scripts/dexv3_settings.json
Debug/storm.dll
.dll windows:6 windows x86 arch:x86

7468f3f1a7a383c26988139540a7f984

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

SendInput
CharUpperBuffW

zstd

ZSTD_maxCLevel

msvcp140

?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z

wininet

InternetReadFile

vcruntime140

memmove

api-ms-win-crt-stdio-l1-1-0

_get_stream_buffer_pointers

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table

api-ms-win-crt-filesystem-l1-1-0

_unlock_file

api-ms-win-crt-string-l1-1-0

strcspn

api-ms-win-crt-convert-l1-1-0

strtoul

api-ms-win-crt-math-l1-1-0

_libm_sse2_log10_precise

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

Sections

.text
Size: - Virtual size: 361KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ZXq
Size: - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.6G\
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.2{r
Size: 6.5MB - Virtual size: 6.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 233B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Debug/zstd.dll
.dll windows:6 windows x86 arch:x86

f773647ec3b2da948e8136060428195c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\avtar\vcpkg\buildtrees\zstd\x86-windows-rel\lib\zstd.pdb

Imports

kernel32

InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
GetLastError
WaitForSingleObject
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent

vcruntime140

_except_handler4_common
memcpy
memset
memmove
__std_type_info_destroy_list

api-ms-win-crt-heap-l1-1-0

malloc
calloc
free

api-ms-win-crt-runtime-l1-1-0

_cexit
_execute_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm
_initialize_onexit_table
_beginthreadex
_errno
_initterm_e

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
fflush
__stdio_common_vfprintf

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-time-l1-1-0

clock

Exports

Exports

ZDICT_addEntropyTablesFromBuffer
ZDICT_finalizeDictionary
ZDICT_getDictHeaderSize
ZDICT_getDictID
ZDICT_getErrorName
ZDICT_isError
ZDICT_optimizeTrainFromBuffer_cover
ZDICT_optimizeTrainFromBuffer_fastCover
ZDICT_trainFromBuffer
ZDICT_trainFromBuffer_cover
ZDICT_trainFromBuffer_fastCover
ZDICT_trainFromBuffer_legacy
ZSTD_CCtxParams_getParameter
ZSTD_CCtxParams_init
ZSTD_CCtxParams_init_advanced
ZSTD_CCtxParams_reset
ZSTD_CCtxParams_setParameter
ZSTD_CCtx_getParameter
ZSTD_CCtx_loadDictionary
ZSTD_CCtx_loadDictionary_advanced
ZSTD_CCtx_loadDictionary_byReference
ZSTD_CCtx_refCDict
ZSTD_CCtx_refPrefix
ZSTD_CCtx_refPrefix_advanced
ZSTD_CCtx_refThreadPool
ZSTD_CCtx_reset
ZSTD_CCtx_setParameter
ZSTD_CCtx_setParametersUsingCCtxParams
ZSTD_CCtx_setPledgedSrcSize
ZSTD_CStreamInSize
ZSTD_CStreamOutSize
ZSTD_DCtx_getParameter
ZSTD_DCtx_loadDictionary
ZSTD_DCtx_loadDictionary_advanced
ZSTD_DCtx_loadDictionary_byReference
ZSTD_DCtx_refDDict
ZSTD_DCtx_refPrefix
ZSTD_DCtx_refPrefix_advanced
ZSTD_DCtx_reset
ZSTD_DCtx_setFormat
ZSTD_DCtx_setMaxWindowSize
ZSTD_DCtx_setParameter
ZSTD_DStreamInSize
ZSTD_DStreamOutSize
ZSTD_adjustCParams
ZSTD_cParam_getBounds
ZSTD_checkCParams
ZSTD_compress
ZSTD_compress2
ZSTD_compressBegin
ZSTD_compressBegin_advanced
ZSTD_compressBegin_usingCDict
ZSTD_compressBegin_usingCDict_advanced
ZSTD_compressBegin_usingDict
ZSTD_compressBlock
ZSTD_compressBound
ZSTD_compressCCtx
ZSTD_compressContinue
ZSTD_compressEnd
ZSTD_compressSequences
ZSTD_compressStream
ZSTD_compressStream2
ZSTD_compressStream2_simpleArgs
ZSTD_compress_advanced
ZSTD_compress_usingCDict
ZSTD_compress_usingCDict_advanced
ZSTD_compress_usingDict
ZSTD_copyCCtx
ZSTD_copyDCtx
ZSTD_createCCtx
ZSTD_createCCtxParams
ZSTD_createCCtx_advanced
ZSTD_createCDict
ZSTD_createCDict_advanced
ZSTD_createCDict_advanced2
ZSTD_createCDict_byReference
ZSTD_createCStream
ZSTD_createCStream_advanced
ZSTD_createDCtx
ZSTD_createDCtx_advanced
ZSTD_createDDict
ZSTD_createDDict_advanced
ZSTD_createDDict_byReference
ZSTD_createDStream
ZSTD_createDStream_advanced
ZSTD_createThreadPool
ZSTD_dParam_getBounds
ZSTD_decodingBufferSize_min
ZSTD_decompress
ZSTD_decompressBegin
ZSTD_decompressBegin_usingDDict
ZSTD_decompressBegin_usingDict
ZSTD_decompressBlock
ZSTD_decompressBound
ZSTD_decompressContinue
ZSTD_decompressDCtx
ZSTD_decompressStream
ZSTD_decompressStream_simpleArgs
ZSTD_decompress_usingDDict
ZSTD_decompress_usingDict
ZSTD_defaultCLevel
ZSTD_endStream
ZSTD_estimateCCtxSize
ZSTD_estimateCCtxSize_usingCCtxParams
ZSTD_estimateCCtxSize_usingCParams
ZSTD_estimateCDictSize
ZSTD_estimateCDictSize_advanced
ZSTD_estimateCStreamSize
ZSTD_estimateCStreamSize_usingCCtxParams
ZSTD_estimateCStreamSize_usingCParams
ZSTD_estimateDCtxSize
ZSTD_estimateDDictSize
ZSTD_estimateDStreamSize
ZSTD_estimateDStreamSize_fromFrame
ZSTD_findDecompressedSize
ZSTD_findFrameCompressedSize
ZSTD_flushStream
ZSTD_frameHeaderSize
ZSTD_freeCCtx
ZSTD_freeCCtxParams
ZSTD_freeCDict
ZSTD_freeCStream
ZSTD_freeDCtx
ZSTD_freeDDict
ZSTD_freeDStream
ZSTD_freeThreadPool
ZSTD_generateSequences
ZSTD_getBlockSize
ZSTD_getCParams
ZSTD_getDecompressedSize
ZSTD_getDictID_fromCDict
ZSTD_getDictID_fromDDict
ZSTD_getDictID_fromDict
ZSTD_getDictID_fromFrame
ZSTD_getErrorCode
ZSTD_getErrorName
ZSTD_getErrorString
ZSTD_getFrameContentSize
ZSTD_getFrameHeader
ZSTD_getFrameHeader_advanced
ZSTD_getFrameProgression
ZSTD_getParams
ZSTD_initCStream
ZSTD_initCStream_advanced
ZSTD_initCStream_srcSize
ZSTD_initCStream_usingCDict
ZSTD_initCStream_usingCDict_advanced
ZSTD_initCStream_usingDict
ZSTD_initDStream
ZSTD_initDStream_usingDDict
ZSTD_initDStream_usingDict
ZSTD_initStaticCCtx
ZSTD_initStaticCDict
ZSTD_initStaticCStream
ZSTD_initStaticDCtx
ZSTD_initStaticDDict
ZSTD_initStaticDStream
ZSTD_insertBlock
ZSTD_isError
ZSTD_isFrame
ZSTD_isSkippableFrame
ZSTD_maxCLevel
ZSTD_mergeBlockDelimiters
ZSTD_minCLevel
ZSTD_nextInputType
ZSTD_nextSrcSizeToDecompress
ZSTD_readSkippableFrame
ZSTD_resetCStream
ZSTD_resetDStream
ZSTD_sizeof_CCtx
ZSTD_sizeof_CDict
ZSTD_sizeof_CStream
ZSTD_sizeof_DCtx
ZSTD_sizeof_DDict
ZSTD_sizeof_DStream
ZSTD_toFlushNow
ZSTD_versionNumber
ZSTD_versionString
ZSTD_writeSkippableFrame

Sections

.text
Size: 440KB - Virtual size: 439KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 512KB - Virtual size: 511KB

.rsrc Size: 163KB - Virtual size: 163KB

.reloc Size: 512B - Virtual size: 12B

7468f3f1a7a383c26988139540a7f984

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

zstd

msvcp140

wininet

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: - Virtual size: 361KB

.rdata Size: - Virtual size: 99KB

.data Size: - Virtual size: 5KB

.ZXq Size: - Virtual size: 3.5MB

.6G\ Size: 2KB - Virtual size: 1KB

.2{r Size: 6.5MB - Virtual size: 6.5MB

.reloc Size: 2KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 233B

f773647ec3b2da948e8136060428195c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

Exports

Exports

Sections

.text Size: 440KB - Virtual size: 439KB

.rdata Size: 51KB - Virtual size: 50KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 512KB - Virtual size: 511KB

.rsrc
Size: 163KB - Virtual size: 163KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: - Virtual size: 361KB

.rdata
Size: - Virtual size: 99KB

.data
Size: - Virtual size: 5KB

.ZXq
Size: - Virtual size: 3.5MB

.6G\
Size: 2KB - Virtual size: 1KB

.2{r
Size: 6.5MB - Virtual size: 6.5MB

.reloc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 233B

.text
Size: 440KB - Virtual size: 439KB

.rdata
Size: 51KB - Virtual size: 50KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB