Original[.]zip

Resubmissions

07/09/2024, 15:02

240907-sethts1gmb 3

Sharing

Copy URL Twitter E-mail

General

Target

Original.zip
Size

55.6MB
MD5

3d5519a074b76c3670a331a2bd3bbd8c
SHA1

03f7822ff2985c877ec17ddf1003edd206a33c9f
SHA256

d637003206fbef1123a7a642217e0ffb457049aec81399625a2414457aa0c2fc
SHA512

fc7ba99d08febb1ca02ab81cb81e252a6f76b184eac8400c135d309198f802d835a3c1a7e46e3ab07951dd16628dcabd6452af644d53872379c8c937c07b4a63
SSDEEP

786432:1N8MHdMn68rT0RUbcXfXGd2QtKUc8oN8MHdMn68rT0RUbcXfXGd2QtKUc8p:1N8YdZQTy29KUcRN8YdZQTy29KUcS

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/9G52E6IUM6L870TP.com
unpack001/smg-client.com

Files

Original.zip
.zip
9G52E6IUM6L870TP.com
.exe windows:6 windows x64 arch:x64

75ae3f8611f31a036b88afc66d4c2bf4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\suga\Desktop\Projects\loader_new_serv\build\Release\x64\loader.pdb

Imports

kernel32

WriteConsoleW
HeapSize
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
HeapReAlloc
GetTimeZoneInformation
SetStdHandle
GetFileSizeEx
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
TerminateProcess
OpenProcess
GetStdHandle
SetConsoleTextAttribute
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
QueryPerformanceCounter
FreeLibrary
GetProcAddress
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SetFilePointerEx
HeapFree
HeapAlloc
GetModuleFileNameW
FreeLibraryAndExitThread
ExitThread
CreateThread
SetConsoleCtrlHandler
DeleteFileW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
SetEndOfFile
ExitProcess
ReadFile
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
RaiseException
RtlPcToFileHeader
RtlUnwindEx
GetCPInfo
CompareStringEx
LCMapStringEx
DecodePointer
EncodePointer
InitializeCriticalSectionEx
InitOnceBeginInitialize
InitOnceComplete
QueryPerformanceFrequency
LoadLibraryA
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
GetFileType
WriteFile
GetLastError
GetModuleHandleW
GetSystemDirectoryA
FormatMessageA
SetLastError
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
Sleep
GetEnvironmentVariableW
GetModuleHandleExW
VirtualFree
GetACP
SwitchToFiber
DeleteFiber
CreateFiberEx
GetCurrentProcessId
GetSystemTimeAsFileTime
CloseHandle
LoadLibraryW
ConvertFiberToThread
ConvertThreadToFiberEx
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReleaseSemaphore
WaitForSingleObject
GetExitCodeThread
CreateSemaphoreA
GetSystemTime
SystemTimeToFileTime
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
FindClose
FindFirstFileW
FindNextFileW
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
TryAcquireSRWLockExclusive
LocalFree
GetLocaleInfoEx
GetCurrentDirectoryW
CreateFileW
FindFirstFileExW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
AreFileApisANSI
GetFileInformationByHandleEx
GetStringTypeW
RtlUnwind

user32

ScreenToClient
LoadCursorA
GetKeyState
ShowWindow
UpdateWindow
RegisterClassExA
GetDesktopWindow
UnregisterClassA
ClientToScreen
DefWindowProcA
SetWindowPos
DestroyWindow
GetWindowRect
GetWindowThreadProcessId
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
GetCapture
GetClientRect
ReleaseCapture
SetCursorPos
IsChild
TrackMouseEvent
GetForegroundWindow
SetCapture
CreateWindowExA
SetClipboardData
GetCursorPos
SetCursor
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard

oleaut32

SysFreeString
SysAllocString
SysStringLen

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

d3d9

Direct3DCreate9

d3dx9_43

D3DXCreateTextureFromFileInMemoryEx

ntdll

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

gdiplus

GdipAlloc
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipSaveImageToStream
GdipFree
GdipCloneImage

ws2_32

WSAGetLastError
setsockopt
getnameinfo
getservbyname
ioctlsocket
freeaddrinfo
getsockopt
recv
connect
ntohs
sendto
socket
send
getsockname
getpeername
WSAStartup
getaddrinfo
inet_pton
WSASocketW
shutdown
select
closesocket
__WSAFDIsSet
WSACleanup
WSASetLastError
htonl
htons
inet_addr
inet_ntoa
gethostbyaddr
gethostbyname
getservbyport
recvfrom

crypt32

CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertOpenSystemStoreW

advapi32

DeregisterEventSource
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
CryptGenRandom
RegisterEventSourceW

Sections

.smg
Size: - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.smg
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.smg
Size: - Virtual size: 432KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.smg
Size: - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.smg
Size: - Virtual size: 18.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.smg
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.smg
Size: 32.1MB - Virtual size: 32.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.smg
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.smg
Size: 512B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
smg-client.com
.exe windows:6 windows x64 arch:x64

75ae3f8611f31a036b88afc66d4c2bf4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\suga\Desktop\Projects\loader_new_serv\build\Release\x64\loader.pdb

Imports

kernel32

WriteConsoleW
HeapSize
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
HeapReAlloc
GetTimeZoneInformation
SetStdHandle
GetFileSizeEx
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
TerminateProcess
OpenProcess
GetStdHandle
SetConsoleTextAttribute
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
QueryPerformanceCounter
FreeLibrary
GetProcAddress
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SetFilePointerEx
HeapFree
HeapAlloc
GetModuleFileNameW
FreeLibraryAndExitThread
ExitThread
CreateThread
SetConsoleCtrlHandler
DeleteFileW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
SetEndOfFile
ExitProcess
ReadFile
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
RaiseException
RtlPcToFileHeader
RtlUnwindEx
GetCPInfo
CompareStringEx
LCMapStringEx
DecodePointer
EncodePointer
InitializeCriticalSectionEx
InitOnceBeginInitialize
InitOnceComplete
QueryPerformanceFrequency
LoadLibraryA
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
GetFileType
WriteFile
GetLastError
GetModuleHandleW
GetSystemDirectoryA
FormatMessageA
SetLastError
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
Sleep
GetEnvironmentVariableW
GetModuleHandleExW
VirtualFree
GetACP
SwitchToFiber
DeleteFiber
CreateFiberEx
GetCurrentProcessId
GetSystemTimeAsFileTime
CloseHandle
LoadLibraryW
ConvertFiberToThread
ConvertThreadToFiberEx
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReleaseSemaphore
WaitForSingleObject
GetExitCodeThread
CreateSemaphoreA
GetSystemTime
SystemTimeToFileTime
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
FindClose
FindFirstFileW
FindNextFileW
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
TryAcquireSRWLockExclusive
LocalFree
GetLocaleInfoEx
GetCurrentDirectoryW
CreateFileW
FindFirstFileExW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
AreFileApisANSI
GetFileInformationByHandleEx
GetStringTypeW
RtlUnwind

user32

ScreenToClient
LoadCursorA
GetKeyState
ShowWindow
UpdateWindow
RegisterClassExA
GetDesktopWindow
UnregisterClassA
ClientToScreen
DefWindowProcA
SetWindowPos
DestroyWindow
GetWindowRect
GetWindowThreadProcessId
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
GetCapture
GetClientRect
ReleaseCapture
SetCursorPos
IsChild
TrackMouseEvent
GetForegroundWindow
SetCapture
CreateWindowExA
SetClipboardData
GetCursorPos
SetCursor
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard

oleaut32

SysFreeString
SysAllocString
SysStringLen

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

d3d9

Direct3DCreate9

d3dx9_43

D3DXCreateTextureFromFileInMemoryEx

ntdll

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

gdiplus

GdipAlloc
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipSaveImageToStream
GdipFree
GdipCloneImage

ws2_32

WSAGetLastError
setsockopt
getnameinfo
getservbyname
ioctlsocket
freeaddrinfo
getsockopt
recv
connect
ntohs
sendto
socket
send
getsockname
getpeername
WSAStartup
getaddrinfo
inet_pton
WSASocketW
shutdown
select
closesocket
__WSAFDIsSet
WSACleanup
WSASetLastError
htonl
htons
inet_addr
inet_ntoa
gethostbyaddr
gethostbyname
getservbyport
recvfrom

crypt32

CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertOpenSystemStoreW

advapi32

DeregisterEventSource
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
CryptGenRandom
RegisterEventSourceW

Sections

.smg
Size: - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.smg
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.smg
Size: - Virtual size: 432KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.smg
Size: - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.smg
Size: - Virtual size: 18.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.smg
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.smg
Size: 32.1MB - Virtual size: 32.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.smg
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.smg
Size: 512B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

75ae3f8611f31a036b88afc66d4c2bf4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

oleaut32

imm32

d3d9

d3dx9_43

ntdll

gdiplus

ws2_32

crypt32

advapi32

Sections

.smg Size: - Virtual size: 4.4MB

.smg Size: - Virtual size: 1.0MB

.smg Size: - Virtual size: 432KB

.smg Size: - Virtual size: 167KB

.smg Size: - Virtual size: 18.6MB

.smg Size: 2KB - Virtual size: 2KB

.smg Size: 32.1MB - Virtual size: 32.1MB

.smg Size: 512B - Virtual size: 480B

.smg Size: 512B - Virtual size: 212B

75ae3f8611f31a036b88afc66d4c2bf4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

oleaut32

imm32

d3d9

d3dx9_43

ntdll

gdiplus

ws2_32

crypt32

advapi32

Sections

.smg Size: - Virtual size: 4.4MB

.smg Size: - Virtual size: 1.0MB

.smg Size: - Virtual size: 432KB

.smg Size: - Virtual size: 167KB

.smg Size: - Virtual size: 18.6MB

.smg Size: 2KB - Virtual size: 2KB

.smg Size: 32.1MB - Virtual size: 32.1MB

.smg Size: 512B - Virtual size: 480B

.smg Size: 512B - Virtual size: 212B

.smg
Size: - Virtual size: 4.4MB

.smg
Size: - Virtual size: 1.0MB

.smg
Size: - Virtual size: 432KB

.smg
Size: - Virtual size: 167KB

.smg
Size: - Virtual size: 18.6MB

.smg
Size: 2KB - Virtual size: 2KB

.smg
Size: 32.1MB - Virtual size: 32.1MB

.smg
Size: 512B - Virtual size: 480B

.smg
Size: 512B - Virtual size: 212B

.smg
Size: - Virtual size: 4.4MB

.smg
Size: - Virtual size: 1.0MB

.smg
Size: - Virtual size: 432KB

.smg
Size: - Virtual size: 167KB

.smg
Size: - Virtual size: 18.6MB

.smg
Size: 2KB - Virtual size: 2KB

.smg
Size: 32.1MB - Virtual size: 32.1MB

.smg
Size: 512B - Virtual size: 480B

.smg
Size: 512B - Virtual size: 212B