download[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

download.rar
Size

11.9MB
MD5

099771301d089601a6e8f4a529f3b019
SHA1

e6fd05c7ff8b7abb96a429e64e23f74e3d2afe34
SHA256

2d426f4b1c661a96cb8e096691d66909aa1e5939a95615b09b2ea85ed01c3af5
SHA512

f15bb9ba1282a94185f442aef9e3c436dfb1579e1c0e370ec4f43126a710cba047e8107be3998fca388182166ad9038f778df660e1834604613561ab95f956de
SSDEEP

196608:kd+NXScTPJjggPvc/OgIIPuZ1YJJjmO0VNbTPjsJZ3eqUs97f/GE2gNcXdZ4WrDE:kdb0pns/OgIdSDjmhVbsJZuqT9/nNujU

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/download/Sentinal.dll
unpack001/download/idfk why im doing dis.exe

Files

download.rar
.rar

Password: infected
download/Sentinal.dll
.dll windows:6 windows x64 arch:x64

Password: infected

826ef16799ff27bb9b68f910d876b3b2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ws2_32

getaddrinfo

wldap32

ord41

crypt32

CertFreeCertificateContext

advapi32

ReportEventW
RegCloseKey

kernel32

WideCharToMultiByte
GetModuleHandleA

user32

MessageBoxA
DefWindowProcW

shell32

ShellExecuteA
SHGetDiskFreeSpaceA

shlwapi

PathFindFileNameA

userenv

UnloadUserProfile

rpcrt4

RpcStringFreeA

bcrypt

BCryptGenRandom

imagehlp

ImageNtHeader

wintrust

WinVerifyTrust

Exports

Exports

s_activate
s_filestream
s_get_expiry
s_get_level
s_get_response
s_get_username
s_init
s_log
s_login
s_registr
s_token
s_var

Sections

.rsrc
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 772KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pdata
Size: - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
download/idfk why im doing dis.exe
.exe windows:6 windows x64 arch:x64

Password: infected

e48f198b19448103134d8a08105f2311

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

VerSetConditionMask
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

SetLayeredWindowAttributes

gdi32

CreateSolidBrush

advapi32

RegCreateKeyW

shell32

SHGetFolderPathW

msvcp140

?widen@?$ctype@_W@std@@QEBA_WD@Z

d3d11

D3D11CreateDeviceAndSwapChain

ntdll

RtlInitUnicodeString

imm32

ImmSetCandidateWindow

d3dcompiler_47

D3DCompile

dwmapi

DwmExtendFrameIntoClientArea

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception_context

api-ms-win-crt-heap-l1-1-0

malloc

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback

api-ms-win-crt-math-l1-1-0

powf

api-ms-win-crt-stdio-l1-1-0

fputc

api-ms-win-crt-filesystem-l1-1-0

_wremove

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-string-l1-1-0

tolower

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

Sections

.text
Size: - Virtual size: 452KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tY[
Size: - Virtual size: 6.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Bi>
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.v88
Size: 8.1MB - Virtual size: 8.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

826ef16799ff27bb9b68f910d876b3b2

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wldap32

crypt32

advapi32

kernel32

user32

shell32

shlwapi

userenv

rpcrt4

bcrypt

imagehlp

wintrust

Exports

Exports

Sections

.rsrc Size: - Virtual size: 2.3MB

.rdata Size: - Virtual size: 772KB

.reloc Size: - Virtual size: 64KB

.reloc Size: - Virtual size: 104KB

.reloc Size: 30KB - Virtual size: 32KB

.pdata Size: - Virtual size: 6.4MB

.pdata Size: 114KB - Virtual size: 114KB

Password: infected

e48f198b19448103134d8a08105f2311

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

msvcp140

d3d11

ntdll

imm32

d3dcompiler_47

dwmapi

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: - Virtual size: 452KB

.rdata Size: - Virtual size: 118KB

.data Size: - Virtual size: 13KB

.pdata Size: - Virtual size: 18KB

.tY[ Size: - Virtual size: 6.5MB

.Bi> Size: 4KB - Virtual size: 4KB

.v88 Size: 8.1MB - Virtual size: 8.1MB

.rsrc Size: 512B - Virtual size: 480B

.rsrc
Size: - Virtual size: 2.3MB

.rdata
Size: - Virtual size: 772KB

.reloc
Size: - Virtual size: 64KB

.reloc
Size: - Virtual size: 104KB

.reloc
Size: 30KB - Virtual size: 32KB

.pdata
Size: - Virtual size: 6.4MB

.pdata
Size: 114KB - Virtual size: 114KB

.text
Size: - Virtual size: 452KB

.rdata
Size: - Virtual size: 118KB

.data
Size: - Virtual size: 13KB

.pdata
Size: - Virtual size: 18KB

.tY[
Size: - Virtual size: 6.5MB

.Bi>
Size: 4KB - Virtual size: 4KB

.v88
Size: 8.1MB - Virtual size: 8.1MB

.rsrc
Size: 512B - Virtual size: 480B