the art of manipulation (extract[.]me)[.]zip

General

Target

the art of manipulation (extract.me).zip
Size

5.7MB
MD5

c550e992a68a786e67c9614c88fd8cb5
SHA1

41c19f270d0bb618fc413b7fa781e39822221175
SHA256

4787aa5a63963b527485408f729d349a0baa5da5512ad4a7af286f1ff6eb749d
SHA512

c0f32f30ac0636a867c106eb366f7c2d8dc0e2d2abe703ff42f13f32e549ccd707fb01779685bf47c544ab986ee2b596e64eb1a5b5f5b5c8728b99e3aeb1dec5
SSDEEP

98304:1FHT179oR4n6Nzg8erG3dxWqGTK0csQ49cpeFh9ep6Nlm3FLHLbiQHhbSGmnY:nTzoOneIGTp0K0zGpM+UwFPjHJ4Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/owned/Athena.dll
unpack001/owned/Athena.exe

Files

the art of manipulation (extract.me).zip
.zip
owned/Athena.dll
.dll windows:6 windows x64 arch:x64

baa93d47220682c04d92f7797d9224ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpy

comctl32

InitCommonControls

Exports

Exports

NextHook

Sections

Size: 771KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

qjtdgpdn
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

surkxybg
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 57KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
owned/Athena.exe
.exe windows:6 windows x64 arch:x64

baa93d47220682c04d92f7797d9224ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

lstrcpy

comctl32

InitCommonControls

Sections

Size: 651KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

hfdcosub
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pghyeagt
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 43KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

baa93d47220682c04d92f7797d9224ce

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

comctl32

Exports

Exports

Sections

Size: 771KB - Virtual size: 1.7MB

.rsrc Size: 10KB - Virtual size: 40KB

.idata Size: 512B - Virtual size: 4KB

Size: 512B - Virtual size: 3.9MB

qjtdgpdn Size: 2.2MB - Virtual size: 2.2MB

surkxybg Size: 512B - Virtual size: 4KB

.pdata Size: 57KB - Virtual size: 60KB

baa93d47220682c04d92f7797d9224ce

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

comctl32

Sections

Size: 651KB - Virtual size: 1.3MB

.rsrc Size: 512B - Virtual size: 480B

.idata Size: 512B - Virtual size: 4KB

Size: 512B - Virtual size: 4.0MB

hfdcosub Size: 2.3MB - Virtual size: 2.3MB

pghyeagt Size: 512B - Virtual size: 4KB

.pdata Size: 43KB - Virtual size: 44KB

.rsrc
Size: 10KB - Virtual size: 40KB

.idata
Size: 512B - Virtual size: 4KB

qjtdgpdn
Size: 2.2MB - Virtual size: 2.2MB

surkxybg
Size: 512B - Virtual size: 4KB

.pdata
Size: 57KB - Virtual size: 60KB

.rsrc
Size: 512B - Virtual size: 480B

.idata
Size: 512B - Virtual size: 4KB

hfdcosub
Size: 2.3MB - Virtual size: 2.3MB

pghyeagt
Size: 512B - Virtual size: 4KB

.pdata
Size: 43KB - Virtual size: 44KB