898b9f4097cabc78feddb846a4e1c80ab7a31bd9006756676907d7d0ae9a8bff

Sharing

Copy URL Twitter E-mail

General

Target

898b9f4097cabc78feddb846a4e1c80ab7a31bd9006756676907d7d0ae9a8bff
Size

47KB
MD5

a1af8aa6a174823a7a59e0cf6df4726e
SHA1

40b3db0bfca4c7e55109ca73620da0435b6fab21
SHA256

898b9f4097cabc78feddb846a4e1c80ab7a31bd9006756676907d7d0ae9a8bff
SHA512

54e396332bbe1f8bb934cf14f0ca35e494d74d986793e215998df587b3b335c6ce83077e702444747b31533fde2cb230196f194d0cabe4b215fa011c614844e3
SSDEEP

768:xCAS6CynSYTr7YSQLKOrHQ89N+nk1oSwjja+Fk5uy5:xPSerzQxTPV1oSaa+Fk5uy5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
898b9f4097cabc78feddb846a4e1c80ab7a31bd9006756676907d7d0ae9a8bff

Files

898b9f4097cabc78feddb846a4e1c80ab7a31bd9006756676907d7d0ae9a8bff
.dll windows:6 windows x64 arch:x64

c598a8e91c77607532438efa62f9f73d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\zlsd0\Desktop\vcpkg\buildtrees\minizip\x64-windows-rel\minizip.pdb

Imports

zlib1

inflateEnd
deflateInit2_
deflateEnd
deflate
get_crc_table
inflateInit2_
crc32
inflate

kernel32

IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
CreateFileA
CreateFileW
ReadFile
SetFilePointer
WriteFile
CloseHandle
GetLastError
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
UnhandledExceptionFilter

vcruntime140

memset
__C_specific_handler
__std_type_info_destroy_list
memcpy

api-ms-win-crt-stdio-l1-1-0

_fseeki64
fwrite
fread
fopen
ferror
fseek
_ftelli64
fclose
ftell

api-ms-win-crt-heap-l1-1-0

malloc
free

api-ms-win-crt-utility-l1-1-0

rand
srand

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-filesystem-l1-1-0

remove

api-ms-win-crt-runtime-l1-1-0

_cexit
_initterm
_initterm_e
_seh_filter_dll
_initialize_narrow_environment
_initialize_onexit_table
_execute_onexit_table
_configure_narrow_argv

Exports

Exports

call_zopen64
call_zseek64
call_ztell64
fill_fopen64_filefunc
fill_fopen_filefunc
fill_win32_filefunc
fill_win32_filefunc64
fill_win32_filefunc64A
fill_win32_filefunc64W
fill_zlib_filefunc64_32_def_from_filefunc32
unzClose
unzCloseCurrentFile
unzGetCurrentFileInfo
unzGetCurrentFileInfo64
unzGetCurrentFileZStreamPos64
unzGetFilePos
unzGetFilePos64
unzGetGlobalComment
unzGetGlobalInfo
unzGetGlobalInfo64
unzGetLocalExtrafield
unzGetOffset
unzGetOffset64
unzGoToFilePos
unzGoToFilePos64
unzGoToFirstFile
unzGoToNextFile
unzLocateFile
unzOpen
unzOpen2
unzOpen2_64
unzOpen64
unzOpenCurrentFile
unzOpenCurrentFile2
unzOpenCurrentFile3
unzOpenCurrentFilePassword
unzReadCurrentFile
unzRepair
unzSetOffset
unzSetOffset64
unzStringFileNameCompare
unz_copyright
unzeof
unztell
unztell64
win32_close_file_func
win32_error_file_func
win32_open64_file_func
win32_open64_file_funcA
win32_open64_file_funcW
win32_open_file_func
win32_read_file_func
win32_seek64_file_func
win32_seek_file_func
win32_tell64_file_func
win32_tell_file_func
win32_write_file_func
zipClose
zipCloseFileInZip
zipCloseFileInZipRaw
zipCloseFileInZipRaw64
zipOpen
zipOpen2
zipOpen2_64
zipOpen3
zipOpen64
zipOpenNewFileInZip
zipOpenNewFileInZip2
zipOpenNewFileInZip2_64
zipOpenNewFileInZip3
zipOpenNewFileInZip3_64
zipOpenNewFileInZip4
zipOpenNewFileInZip4_64
zipOpenNewFileInZip64
zipRemoveExtraInfoBlock
zipWriteInFileInZip
zip_copyright

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c598a8e91c77607532438efa62f9f73d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

zlib1

kernel32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 33KB - Virtual size: 33KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 44B

.text
Size: 33KB - Virtual size: 33KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 44B