upload2[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

upload2.zip
Size

392KB
MD5

65fea9439e3132869d3eb3a71bb9d559
SHA1

0b1a490c2b5d023f9c74757c2baa22ad9c278b60
SHA256

b6194b3b1152f87d01b6b6b5e66ff53bbcd94720f08907eb6916ffc5c66715a2
SHA512

ac15a2c15f2980caf58589e4c31d49aa3386b4bd482deb9fea3ef89e97182cda1c445efb2afa14104f192e757f7be715e4febc4025bf8d54bb40068bcc054ab8
SSDEEP

6144:HvwahOg1u4QHeRIWh3TxwuQD17ZXVhpo9R8oIUx0IvCZIiIKdYgavN:PZXQe6q91cpXmDIZ/Z9aP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/apiresolve.bin

Files

upload2.zip
.zip
apiresolve.bin
.dll windows:6 windows x64 arch:x64

190dbc4e985a148e5993f5a36e35a7ac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
GetFileSize
CloseHandle
CreateFileW
CreateFileA
GetModuleHandleA
WaitForSingleObject
SetFilePointer
ReadFile
CreateSemaphoreA
ExitProcess
WriteConsoleW
GetLastError
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetCurrentProcess
TerminateProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx

advapi32

CryptAcquireContextW
CryptDecrypt
CryptCreateHash
CryptDeriveKey
CryptHashData
CryptDestroyHash
CryptReleaseContext
CryptDestroyKey

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
daae7fe2-d6de-4b16-b773-9f7d572f7f8.tmp

Sharing

General

Malware Config

Signatures

Files

190dbc4e985a148e5993f5a36e35a7ac

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 61KB - Virtual size: 61KB

.rdata Size: 40KB - Virtual size: 40KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 61KB - Virtual size: 61KB

.rdata
Size: 40KB - Virtual size: 40KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 2KB - Virtual size: 1KB