Zorara[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Zorara.dll
Size

14.7MB
MD5

307d88738588c6e92dd314f1def2d948
SHA1

ec91c9edc1fea9fad3a6a07aaab9e1601865674a
SHA256

0b1f2977a3e0d737fd91048379ee2e6277b8b4675091b3f4413dfc2fc9dd8f00
SHA512

f3d020c58fd1b7c8c1c91e59d4699ad05012f5c4ea59cb3c3546aa29e1e90165af13908f6a1461f24c923ff00da15ad26a1c28e6f3c70f24cec71117ebcce67f
SSDEEP

196608:2rqkTIEXyMe4yI0wQ4QtZYyc17EOa8a3BCZadMfs9k4bqwOmJUhpi5v7Q:2rVsEin4ZQ9Zjc9FKxC8ME9nchM58

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Zorara.dll

Files

Zorara.dll
.dll windows:6 windows x64 arch:x64

1918dd44e1d0953258810b897966c79b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

UnmapViewOfFile
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

EnumWindows

advapi32

GetCurrentHwProfileW

ole32

CoCreateGuid

libcrypto-3-x64

EVP_DigestFinal_ex

libssl-3-x64

SSL_set_verify

xxhash

XXH32

zstd

ZSTD_decompress

msvcp140

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z

ws2_32

select

crypt32

CertEnumCertificatesInStore

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcpy

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo

api-ms-win-crt-math-l1-1-0

atan2

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-stdio-l1-1-0

fread

api-ms-win-crt-string-l1-1-0

strcmp

api-ms-win-crt-filesystem-l1-1-0

_unlock_file

api-ms-win-crt-locale-l1-1-0

localeconv

Exports

Exports

Compilable
Execute
GetClients
Initialize

Sections

.text
Size: - Virtual size: 601KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.m S
Size: - Virtual size: 9.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

. WH
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

..^6
Size: 14.7MB - Virtual size: 14.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1918dd44e1d0953258810b897966c79b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

libcrypto-3-x64

libssl-3-x64

xxhash

zstd

msvcp140

ws2_32

crypt32

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: - Virtual size: 601KB

.rdata Size: - Virtual size: 169KB

.data Size: - Virtual size: 51KB

.pdata Size: - Virtual size: 26KB

.m S Size: - Virtual size: 9.0MB

. WH Size: 5KB - Virtual size: 4KB

..^6 Size: 14.7MB - Virtual size: 14.7MB

.reloc Size: 512B - Virtual size: 296B

.rsrc Size: 512B - Virtual size: 469B

.text
Size: - Virtual size: 601KB

.rdata
Size: - Virtual size: 169KB

.data
Size: - Virtual size: 51KB

.pdata
Size: - Virtual size: 26KB

.m S
Size: - Virtual size: 9.0MB

. WH
Size: 5KB - Virtual size: 4KB

..^6
Size: 14.7MB - Virtual size: 14.7MB

.reloc
Size: 512B - Virtual size: 296B

.rsrc
Size: 512B - Virtual size: 469B