24[.]7[.]3 pass is 1[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

24.7.3 pass is 1.zip
Size

8.1MB
MD5

79ed9bab4d6c134899faf41818cb5bcb
SHA1

9de216df71e7fa6969844e12aecf21a1225ce268
SHA256

40e923e966573837a87ba95f3f00fcdbfbf695c5c891ae9fa1be3c89d06a52ed
SHA512

cda39c203ebcef2f19de0e7844797065a2f2d18fe7078b9b6c847ebcc086d253f96569ac9b7b5361b83d9380dfc57ac3fb55a7c28a9480701ca3dbb319f756b8
SSDEEP

196608:IVnyx6pkZFfB2FHt0q2ocAN5CfFBHsDjvoxh+PzDAFr:IIx6mrf2SVCiBakxCzs5

Score

3^/10

pyinstaller

Malware Config

Signatures

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
static1/unpack001/injector.exe	pyinstaller

Embeds OpenSSL 1 IoCs

Embeds OpenSSL, may be used to circumvent TLS interception.

resource	yara_rule
static1/unpack001/AsteroidPC.dll	embeds_openssl

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/AsteroidPC.dll
unpack001/injector.exe

Files

24.7.3 pass is 1.zip
.zip

Password: 1
AsteroidPC.dll
.dll windows:6 windows x64 arch:x64

Password: 1

7f72652b2644b16741819f00e31a1738

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
GetACP
RtlVirtualUnwind
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReleaseSemaphore
WaitForSingleObject
GetExitCodeThread
CreateSemaphoreA
GetSystemDirectoryA
FreeLibrary
LoadLibraryA
FormatMessageA
GetSystemTimeAsFileTime
LoadLibraryW
GetSystemTime
SystemTimeToFileTime
ReadConsoleA
ReadConsoleW
FindClose
FindFirstFileW
FindNextFileW
FormatMessageW
GetTickCount
InitializeCriticalSectionEx
SetEvent
CreateEventA
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
ReadFile
SetLastError
WaitForMultipleObjects
SleepEx
VerSetConditionMask
VerifyVersionInfoW
CreateFileA
GetFileSizeEx
HeapSize
DeleteFileW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetEndOfFile
GetFileAttributesExW
GetFullPathNameW
GetCurrentDirectoryW
SetStdHandle
GetTimeZoneInformation
ResumeThread
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
CreateThread
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetConsoleOutputCP
SetFilePointerEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
CreateFileW
GetEnvironmentVariableW
MultiByteToWideChar
GetLastError
WriteFile
GetFileType
AllocConsole
FreeLibraryAndExitThread
ExitThread
SetConsoleCtrlHandler
PeekNamedPipe
WideCharToMultiByte
ExitProcess
WriteConsoleW
GetModuleFileNameW
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
GetCPInfo
RtlUnwind
GetStringTypeW
LCMapStringEx
DecodePointer
EncodePointer
DisableThreadLibraryCalls
SuspendThread
GetCurrentThreadId
Thread32First
Thread32Next
GetCurrentProcess
HeapFree
VirtualProtect
HeapCreate
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualFree
GetProcAddress
GetModuleHandleA
QueryPerformanceCounter
QueryPerformanceFrequency
GetConsoleMode
OpenProcess
SetConsoleMode
WriteConsoleA
GetStdHandle
SetConsoleTitleA
OpenThread
SetThreadContext
FlushInstructionCache
GetModuleHandleW
GetCurrentProcessId
GetThreadContext
HeapAlloc
CloseHandle
HeapReAlloc
Sleep
GetTimeFormatW
CreateToolhelp32Snapshot
GlobalUnlock
GlobalLock
GlobalFree
OutputDebugStringW
GlobalAlloc

user32

OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
GetUserObjectInformationW
GetProcessWindowStation
GetWindowThreadProcessId
GetSystemMetrics
GetAsyncKeyState
CallWindowProcA
GetWindowTextA
MessageBoxA
MessageBoxW
SetCursorPos
ReleaseCapture
GetClientRect
SetCursor
SetCapture
GetForegroundWindow
IsChild
ClientToScreen
GetCapture
ScreenToClient
LoadCursorA
GetKeyState
RegisterClassExA
UnregisterClassA
CreateWindowExA
DefWindowProcA
DestroyWindow
ShowCursor
FindWindowA
SetWindowLongPtrA
ClipCursor
GetCursorPos

shell32

ShellExecuteA

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

d3dcompiler_47

D3DCompile

xinput1_4

ord4
ord2

bcrypt

BCryptGenRandom

normaliz

IdnToAscii
IdnToUnicode

ws2_32

ioctlsocket
getsockname
getsockopt
ntohs
select
gethostbyname
WSAStartup
WSACleanup
WSAGetLastError
htons
inet_addr
inet_ntoa
gethostbyaddr
getservbyport
getservbyname
WSASetLastError
send
accept
bind
closesocket
connect
listen
setsockopt
socket
shutdown
getpeername
recvfrom
sendto
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
WSAIoctl
__WSAFDIsSet
getaddrinfo
freeaddrinfo
gethostname
htonl
recv

wldap32

ord211
ord60
ord217
ord50
ord41
ord22
ord45
ord46
ord143
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301

crypt32

CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertOpenSystemStoreW
CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFreeCertificateChain

advapi32

CryptReleaseContext
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
CryptGenRandom
CryptAcquireContextA
CryptGetHashParam
CryptHashData
CryptImportKey
CryptEncrypt
CryptAcquireContextW

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
injector.exe
.exe windows:5 windows x64 arch:x64

Password: 1

023abd09c65289e3a2df4aa2b19cccec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

GetWindowThreadProcessId
ShowWindow

kernel32

CreateFileW
GetFinalPathNameByHandleW
CloseHandle
GetModuleFileNameW
CreateSymbolicLinkW
GetProcAddress
GetCommandLineW
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
SetDllDirectoryW
CreateProcessW
GetStartupInfoW
FreeLibrary
LoadLibraryExW
SetConsoleCtrlHandler
FindClose
FindFirstFileExW
GetCurrentProcess
GetCurrentProcessId
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
GetConsoleWindow
HeapSize
GetLastError
WriteConsoleW
SetEndOfFile
GetExitCodeProcess
TlsGetValue
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetCommandLineA
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindNextFileW
SetStdHandle
DeleteFileW
ReadFile
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetCurrentDirectoryW
FlushFileBuffers
HeapReAlloc
GetFileAttributesExW
GetStringTypeW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation

advapi32

ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW

Sections

.text
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
injector.pyc

Sharing

General

Malware Config

Signatures

Files

Password: 1

Password: 1

7f72652b2644b16741819f00e31a1738

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

imm32

d3dcompiler_47

xinput1_4

bcrypt

normaliz

ws2_32

wldap32

crypt32

advapi32

Sections

.text Size: 3.8MB - Virtual size: 3.8MB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 33KB - Virtual size: 59KB

.pdata Size: 143KB - Virtual size: 142KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 45KB - Virtual size: 44KB

Password: 1

023abd09c65289e3a2df4aa2b19cccec

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

advapi32

Sections

.text Size: 172KB - Virtual size: 172KB

.rdata Size: 75KB - Virtual size: 75KB

.data Size: 3KB - Virtual size: 12KB

.pdata Size: 9KB - Virtual size: 8KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 50KB - Virtual size: 50KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 3.8MB - Virtual size: 3.8MB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 33KB - Virtual size: 59KB

.pdata
Size: 143KB - Virtual size: 142KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 45KB - Virtual size: 44KB

.text
Size: 172KB - Virtual size: 172KB

.rdata
Size: 75KB - Virtual size: 75KB

.data
Size: 3KB - Virtual size: 12KB

.pdata
Size: 9KB - Virtual size: 8KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 50KB - Virtual size: 50KB

.reloc
Size: 2KB - Virtual size: 1KB