Malware-1[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Malware-1.zip
Size

637KB
MD5

2efb281516b6957add95c376485eb726
SHA1

1e69331881299fdf6f9f1b3f024d508ccf88c473
SHA256

97a8f2f308df9132d47723a1c610f3109d29e7b3da135d0730226c79a73a8a62
SHA512

5fc506cdf549c3fd48ae1412681fd220697600df9c7760d148f5a7aa0ccb2d3b2e4b78de0c92212a5acd424fba55da29e1a7fc0b98708d0c88e44b6a2e65d580
SSDEEP

12288:b8WE9mmhwFWFbdIe6YL/1UrObziLvuiPFu6hwkgOCHameDEH+wbNk5+v7:fE2FW9dIe6KHbGdtu6KsC6HDEH+wWMj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack001/vim.dll

resource
unpack001/vim.dll

Files

Malware-1.zip
.zip
Run-Malware-1.bat
vim.dll
.dll windows:6 windows x64 arch:x64

271c8a61a1fa8deb146a1856fb1b8a91

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\dvs\p4\build\sw\gcomp\rel\gs_04_50\src\Mjolnir\RemoteInput\rxinput\nvgamepad\_out\win7_amd64_release\rxnvgamepad.pdb

Imports

kernel32

ResetEvent
GetLocalTime
GetOverlappedResult
GetProcAddress
CreateFileMappingA
DeleteCriticalSection
OpenFileMappingA
CreateEventA
MapViewOfFile
FormatMessageA
VerifyVersionInfoA
VerSetConditionMask
UnmapViewOfFile
GetModuleFileNameA
SetLastError
GetFullPathNameW
GetModuleFileNameW
LocalAlloc
CreateFileW
GetFileAttributesW
lstrcmpA
GetSystemDirectoryW
OutputDebugStringW
FileTimeToSystemTime
LocalFree
CreateProcessW
CreateThread
FreeLibrary
VerifyVersionInfoW
CreateProcessA
LoadLibraryExW
GetModuleHandleA
SetThreadPriority
GetCurrentThread
RtlCaptureStackBackTrace
LoadLibraryW
WaitForMultipleObjectsEx
UnregisterWaitEx
QueryDepthSList
InterlockedPopEntrySList
ReleaseSemaphore
DuplicateHandle
SetProcessAffinityMask
VirtualFree
VirtualProtect
VirtualAlloc
GetVersionExW
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
TerminateThread
SetEvent
CreateFileA
Sleep
WaitForSingleObject
InitializeCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
WriteFile
GetCurrentProcess
EnterCriticalSection
ReadFile
PowerClearRequest
CloseHandle
GetLastError
PowerCreateRequest
GetModuleHandleW
PowerSetRequest
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SignalObjectAndWait
CreateTimerQueue
SetEndOfFile
WriteConsoleW
HeapSize
SetStdHandle
HeapReAlloc
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
FormatMessageW
WideCharToMultiByte
TryEnterCriticalSection
MultiByteToWideChar
QueryPerformanceFrequency
SwitchToThread
GetExitCodeThread
GetNativeSystemInfo
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
ExitProcess
GetModuleHandleExW
ExitThread
ResumeThread
FreeLibraryAndExitThread
HeapFree
HeapAlloc
GetStdHandle
GetFileType
GetTimeZoneInformation
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadConsoleW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetConsoleCtrlHandler
RtlUnwind

ole32

CoTaskMemFree

user32

UnregisterDeviceNotification
RegisterClassExA
PostQuitMessage
LoadIconA
TranslateMessage
CreateWindowExA
GetMessageA
DispatchMessageA
LoadCursorA
DestroyWindow
PostMessageA
RegisterDeviceNotificationA
DefWindowProcA

shell32

SHGetKnownFolderPath

advapi32

SetSecurityDescriptorDacl
AdjustTokenPrivileges
LookupPrivilegeValueA
InitializeSecurityDescriptor
RegNotifyChangeKeyValue
RegCloseKey
RegGetValueA
RegQueryValueExA
RegCreateKeyExA
RegDeleteKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumValueA
RegDeleteValueA
RegEnumKeyExA
OpenProcessToken

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList

Exports

Exports

InstallNvGamepadCallback_inject
InstallNvGamepadCallback_runtime
RxInitBlakeDllResources
RxInitInstanceBlake
RxInstallBlakeBridge
RxReleaseBlakeDllResources

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 313KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

271c8a61a1fa8deb146a1856fb1b8a91

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ole32

user32

shell32

advapi32

setupapi

Exports

Exports

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 313KB - Virtual size: 312KB

.data Size: 16KB - Virtual size: 31KB

.pdata Size: 64KB - Virtual size: 63KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 72KB - Virtual size: 72KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 313KB - Virtual size: 312KB

.data
Size: 16KB - Virtual size: 31KB

.pdata
Size: 64KB - Virtual size: 63KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 72KB - Virtual size: 72KB

.reloc
Size: 7KB - Virtual size: 6KB