zcb3[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

zcb3.exe
Size

10.9MB
MD5

8fddfc3d839bcc1236b149bfa02b15af
SHA1

bd0d415c63198219c19b7877b6c981700e6d521e
SHA256

1130370fcc27854f951bcde0e0cf3f01bae36e7d7fc61aeeb137648295a7305e
SHA512

761bf27e1d33137d95b24b2cda4c3957ae02c6508f47350444f037d4b0062cbbecd71bb13d641a6c256ceafd92783c19b7686f77af93b16fe095300d678487e1
SSDEEP

98304:JriQJxPrMsUnaHH1mtySIITQv9T/YhlDidwGgR7Aigi5Nbl1UHloG++o3HM+Q/:Jr/85ySdKt/aGgBwi5SF89Q/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
zcb3.exe

Files

zcb3.exe
.exe windows:6 windows x64 arch:x64

64b25c51ed3150a2427d005e59795d6f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

PDB Paths

zcb3.pdb

Imports

api-ms-win-core-synch-l1-2-0

WakeByAddressAll
WaitOnAddress
WakeByAddressSingle

bcryptprimitives

ProcessPrng

bcrypt

BCryptGenRandom

advapi32

SystemFunction036
ImpersonateAnonymousToken
RevertToSelf

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeSListHead
GetProcAddress
SwitchToThread
GetCurrentThread
GetSystemTimeAsFileTime
AddVectoredExceptionHandler
FreeConsole
DeleteFileW
SetFilePointerEx
GetLastError
QueryPerformanceCounter
GetExitCodeProcess
HeapReAlloc
GlobalLock
GlobalSize
GlobalUnlock
WaitForSingleObject
MultiByteToWideChar
GlobalAlloc
IsProcessorFeaturePresent
CloseHandle
GlobalFree
GetStdHandle
GetConsoleMode
HeapFree
SetConsoleMode
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
FindClose
IsDebuggerPresent
GetSystemTimePreciseAsFileTime
GetCurrentThreadId
FreeLibrary
SetThreadErrorMode
LoadLibraryExW
LoadLibraryW
SetThreadStackGuarantee
GetFileType
CopyFileExW
MoveFileExW
GetProcessHeap
GetSystemInfo
Sleep
GetModuleHandleA
HeapAlloc
WriteFileEx
SleepEx
ReadFileEx
CreateThread
GetModuleFileNameW
GetCommandLineW
CreateNamedPipeW
LocalFree
CreateProcessA
ExitProcess
CreateFileW
GetCurrentProcess
DuplicateHandle
SetLastError
GetFinalPathNameByHandleW
DeleteProcThreadAttributeList
WriteConsoleW
CreateWaitableTimerExW
SetWaitableTimer
QueryPerformanceFrequency
GetModuleHandleW
FormatMessageW
GetCurrentDirectoryW
WaitForSingleObjectEx
LoadLibraryA
lstrlenW
GetCurrentProcessId
CreateMutexA
ReleaseMutex
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
GetEnvironmentVariableW
GetTempPathW
SetFileInformationByHandle
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFullPathNameW
FindNextFileW
CreateDirectoryW
FindFirstFileW
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
GetFileAttributesW
CreateProcessW
GetWindowsDirectoryW
SetHandleInformation
GetSystemDirectoryW
CompareStringOrdinal
FreeEnvironmentStringsW
GetEnvironmentStringsW
TerminateProcess

ntdll

NtCreateFile
RtlNtStatusToDosError
NtReadFile
NtWriteFile

user32

GetSystemMenu
EnableMenuItem
SetWindowLongW
GetWindowLongW
AdjustWindowRectEx
GetClipCursor
ClipCursor
ShowCursor
ToUnicodeEx
GetKeyboardLayout
PostMessageW
ShowWindow
GetPropW
MapVirtualKeyExW
SetWindowLongPtrW
FlashWindowEx
GetForegroundWindow
SetPropW
GetClassNameW
RegisterWindowMessageA
DestroyIcon
CloseClipboard
SetWindowTextW
SetCursorPos
GetWindowTextW
GetWindowTextLengthW
GetWindowRect
SystemParametersInfoA
EmptyClipboard
OpenClipboard
GetClipboardData
IsClipboardFormatAvailable
ValidateRect
GetRawInputData
DispatchMessageW
TranslateMessage
KillTimer
SetTimer
GetMessageW
RegisterRawInputDevices
GetClassInfoExW
CallWindowProcW
RemovePropW
EnumDisplayMonitors
GetCursorPos
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
TrackMouseEvent
ReleaseCapture
SetCapture
MonitorFromRect
SetCursor
LoadCursorW
DestroyWindow
GetMenu
ClientToScreen
RedrawWindow
SetWindowPlacement
GetWindowPlacement
ChangeDisplaySettingsExW
GetMonitorInfoW
IsProcessDPIAware
GetKeyState
GetAsyncKeyState
GetKeyboardState
InvalidateRgn
SetWindowPos
SetClipboardData
DefWindowProcW
RegisterTouchWindow
SetWindowDisplayAffinity
PeekMessageW
CreateIcon
SetForegroundWindow
SendInput
MapVirtualKeyW
MonitorFromWindow
CreateWindowExW
RegisterClassExW
MonitorFromPoint
GetDC
GetWindowLongPtrW
CreateIconFromResourceEx
IsIconic
GetClientRect
SendMessageW
GetSystemMetrics
GetActiveWindow
ReleaseDC

uiautomationcore

UiaRaiseAutomationEvent
UiaGetReservedNotSupportedValue
UiaReturnRawElementProvider
UiaLookupId
UiaHostProviderFromHwnd
UiaRaiseAutomationPropertyChangedEvent

oleaut32

SysFreeString
SysStringLen
SafeArrayPutElement
SetErrorInfo
SafeArrayCreateVector
SysAllocStringLen
GetErrorInfo

opengl32

wglMakeCurrent
wglShareLists
wglDeleteContext
wglGetProcAddress
wglGetCurrentContext
wglCreateContext
wglGetCurrentDC

gdi32

SetPixelFormat
GetDeviceCaps
CreateRectRgn
ChoosePixelFormat
SwapBuffers
DeleteObject
DescribePixelFormat

dwmapi

DwmEnableBlurBehindWindow

imm32

ImmSetCompositionWindow
ImmGetCompositionStringW
ImmSetCandidateWindow
ImmGetContext
ImmAssociateContextEx
ImmReleaseContext

ole32

CoInitializeEx
CoUninitialize
RevokeDragDrop
CoCreateInstance
CoTaskMemFree
OleInitialize
RegisterDragDrop

shlwapi

AssocQueryStringW

shell32

CommandLineToArgvW
DragQueryFileW
DragFinish
SHCreateItemFromParsingName

ws2_32

WSASend
select
ioctlsocket
freeaddrinfo
connect
getaddrinfo
WSAGetLastError
WSAStartup
WSACleanup
WSASocketW
closesocket
getsockopt
setsockopt
recv
send
WSADuplicateSocketW
getsockname
getpeername
WSARecv

uxtheme

SetWindowTheme

vcruntime140

memcpy
memcmp
__CxxFrameHandler3
memmove
__current_exception
memset
__C_specific_handler
_CxxThrowException
__current_exception_context

api-ms-win-crt-math-l1-1-0

pow
ceilf
round
asin
fmodf
fmod
floorf
cos
floor
roundf
log1p
cbrtf
cosf
exp2f
sinf
trunc
tan
acos
cosh
tanh
truncf
sin
atan
exp2
_hypot
expf
atan2f
powf
sinh
ceil
log
__setusermatherr
_hypotf
log10
log2
acosf

api-ms-win-crt-string-l1-1-0

strlen
wcslen

api-ms-win-crt-convert-l1-1-0

_wtoi64

api-ms-win-crt-runtime-l1-1-0

_cexit
_c_exit
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
__p___argc
_initialize_onexit_table
_register_onexit_function
_set_app_type
_seh_filter_exe
_crt_atexit
terminate
_register_thread_local_exe_atexit_callback
__p___argv

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

Sections

.text
Size: 7.2MB - Virtual size: 7.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 586KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

64b25c51ed3150a2427d005e59795d6f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-synch-l1-2-0

bcryptprimitives

bcrypt

advapi32

kernel32

ntdll

user32

uiautomationcore

oleaut32

opengl32

gdi32

dwmapi

imm32

ole32

shlwapi

shell32

ws2_32

uxtheme

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 7.2MB - Virtual size: 7.2MB

.rdata Size: 3.5MB - Virtual size: 3.5MB

.data Size: 3KB - Virtual size: 586KB

.pdata Size: 212KB - Virtual size: 212KB

.rsrc Size: 17KB - Virtual size: 17KB

.reloc Size: 30KB - Virtual size: 30KB

.text
Size: 7.2MB - Virtual size: 7.2MB

.rdata
Size: 3.5MB - Virtual size: 3.5MB

.data
Size: 3KB - Virtual size: 586KB

.pdata
Size: 212KB - Virtual size: 212KB

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 30KB - Virtual size: 30KB