zloader | 97179aa99e2c4d95d226268057774f5431b0763497b7000fe683c91a70a61071[.]zip

General

Target

97179aa99e2c4d95d226268057774f5431b0763497b7000fe683c91a70a61071.zip
Size

84KB
MD5

05160192ad6e4bcbc45927fff9e0a25b
SHA1

67a7b4e0693973ca35082df4f7e92746d48ad7ff
SHA256

4692872bb45ad2bc1057e6794529b346d4a520d9a3d40d075dacb8ddaf722f68
SHA512

2cedbe33f0230221d4219d049165dff5f84e7914ac97f2ee5166b111b3dd443736010f859b78685121f41012a96cae9a6cd2b9d64ec1f401f0cbef1cc323bd8a
SSDEEP

1536:5BiLg2ecTIToZAiMBb3PM++6Xnlic9DKfRdRwhELXmjJdacZW/KCbXLmwLi7:5BiDecUTvieb3PM/6XnlpD0z7IrZ2iws

Score

10^/10

r1 r1 zloader

Malware Config

Extracted

Family

zloader

Botnet

r1

Campaign

r1

C2

https://notsweets.net/LKhwojehDgwegSDG/gateJKjdsh.php

https://olpons.com/LKhwojehDgwegSDG/gateJKjdsh.php

https://karamelliar.org/LKhwojehDgwegSDG/gateJKjdsh.php

https://dogrunn.com/LKhwojehDgwegSDG/gateJKjdsh.php

https://azoraz.net/LKhwojehDgwegSDG/gateJKjdsh.php

Attributes

build_id
125

rc4.plain

rsa_pubkey.plain

Signatures

Zloader family
zloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/97179aa99e2c4d95d226268057774f5431b0763497b7000fe683c91a70a61071.exe

Files

97179aa99e2c4d95d226268057774f5431b0763497b7000fe683c91a70a61071.zip
.zip

Password: infected
97179aa99e2c4d95d226268057774f5431b0763497b7000fe683c91a70a61071.exe
.exe windows:5 windows x86 arch:x86

a97eebc79fae88ef9e13f637e5ecd081

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateEventW
CreateFileW
DeleteFileW
EnterCriticalSection
ExitThread
GetCommandLineW
GetFileAttributesW
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetTempPathW
HeapAlloc
HeapFree
InitializeCriticalSection
LeaveCriticalSection
ReadFile
ResetEvent
SetEvent
VirtualFree
WaitForSingleObject
WriteFile
lstrcmpW
lstrcmpiW
lstrlenW

user32

AppendMenuW
ClientToScreen
CopyRect
CreateWindowExW
DefWindowProcW
DestroyIcon
DispatchMessageW
DrawTextW
EnableMenuItem
EnableWindow
FillRect
GetClassNameW
GetFocus
GetMessageA
GetParent
GetSysColor
GetSysColorBrush
GetSystemMetrics
GetWindowLongW
InflateRect
InsertMenuItemW
IsIconic
LoadCursorW
LoadImageW
MapWindowPoints
MessageBoxW
MoveWindow
RedrawWindow
ReleaseCapture
ScreenToClient
SetCapture
SetDlgItemInt
SetPropW
SetTimer
SetWindowPos
ShowWindow
TranslateMessage

gdi32

CreateSolidBrush
EqualRgn
ExtCreatePen
GetObjectA
GetRgnBox

Sections

.text
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

a97eebc79fae88ef9e13f637e5ecd081

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Sections

.text Size: 129KB - Virtual size: 129KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 10KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 129KB - Virtual size: 129KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 10KB

.reloc
Size: 4KB - Virtual size: 3KB