jupyter | Chapter 2[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Chapter 2.zip
Size

4.1MB
MD5

0f4a961ef5bfaaff6f1bfbcc55edad56
SHA1

8c601b0717fcf6b5275de0e29630d72821782397
SHA256

d07bdefcabeb6ef9fd8066d5fd79777225bc0725aef6e737f16c643ae9662559
SHA512

9da755d95d9cf6fd22927dcb2e683f8135f973beffd8c428b98a43eb6ac2ea2360de7f337ab1267900c7d4433d48baf52ffa1a5ebf22eb95b33b35f9658281f8
SSDEEP

98304:Glt3iHt3Bk5T0SU5cp6QyC9FlxWKLDXF5vCeGxzCO3jXoltnsWU:Gj3cBqT0rcpDyC2Kn3vCeK2O2tPU

Score

10^/10

cryptone packer jupyter

Malware Config

Extracted

Family

jupyter

Version

MX-2

http://5.254.118.242

Signatures

Jupyter Backdoor/Client payload 1 IoCs

resource	yara_rule
static1/unpack001/Challenge_1.dll	family_jupyter

Jupyter family
jupyter

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
static1/unpack001/8888888.png	cryptone

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Challenge_1.dll
unpack001/Challenge_2.bin
unpack001/filetype.exe
unpack001/md5-1.exe
unpack001/md5-2.exe
unpack002/ssdeep-2.14.1/fuzzy.dll
unpack002/ssdeep-2.14.1/ssdeep.exe

Files

Chapter 2.zip
.zip
8888888.png
.exe windows:4 windows x86 arch:x86

68d91b46eb0976c4f7c6b9ba2c81af54

Code Sign

1d:7b:98:cc:48:0b:c3:73:b3:84:a0:fd:1f:c0:d0:6f
Certificate

Issuer

CN=PVENHMJAVNRFPSGGST

Not Before

28-05-2020 20:11

Not After

31-12-2039 23:59

Subject

CN=PVENHMJAVNRFPSGGST

Extended Key Usages

ExtKeyUsageCodeSigning

ee:d7:2a:b1:7c:a1:f9:c4:1d:45:e6:1c:64:d7:72:3a:aa:aa:87:2f
Signer

Actual PE Digest

ee:d7:2a:b1:7c:a1:f9:c4:1d:45:e6:1c:64:d7:72:3a:aa:aa:87:2f

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
Sleep
LoadLibraryA
GetProcAddress
GetModuleHandleW
IsValidLocale
GetOverlappedResult
CommConfigDialogW
lstrcmpiA
WriteConsoleOutputA
DeleteTimerQueueTimer
SetHandleCount
GetSystemTimeAsFileTime
GlobalGetAtomNameW
EnumSystemCodePagesA
GetNamedPipeHandleStateA
CompareStringW
GetProcessAffinityMask
ReadConsoleOutputCharacterW
SetMessageWaitingIndicator
GetProfileIntA
Process32FirstW
GetPrivateProfileSectionA
FlushConsoleInputBuffer
GetVersion
GetModuleHandleA
MultiByteToWideChar
GetVersionExW
CreateFileW
WriteFile
GetEnvironmentVariableW
GetSystemTime
GetCurrentProcessId
FindNextFileW
FindClose
GetSystemTimeAdjustment
QueryPerformanceCounter
FindFirstFileW
GlobalMemoryStatus
GetCurrentThreadId
GetLogicalDriveStringsW
QueryPerformanceFrequency
CloseHandle
CreateProcessW
WaitForSingleObject
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetTickCount
GetVersionExA
SleepEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
FormatMessageA
SetLastError
FormatMessageW
LocalFree
OutputDebugStringW
FreeLibrary
LoadLibraryW
GetCurrentThread
SuspendThread
MulDiv
MoveFileExW
GetModuleFileNameW
SetErrorMode
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
CreateMutexW
ReleaseMutex
CreateSemaphoreW
ReleaseSemaphore
TlsSetValue
ExitProcess
SetThreadPriority
ResumeThread
TlsGetValue
TlsFree
TlsAlloc
FindResourceW
GetCPInfo
IsValidCodePage
TerminateProcess
SizeofResource
LockResource
LoadResource
GetFileAttributesW
GetTempPathW
GetFileTime
GetFileSize
GetTempFileNameW
CopyFileW
SetCurrentDirectoryW
GetACP
GetUserDefaultLCID
GetLocaleInfoW
SetThreadLocale
RaiseException
SetEvent
CreateThread
IsBadReadPtr
IsBadStringPtrA
ExpandEnvironmentStringsW
GetCommandLineW
FreeConsole
ReadConsoleOutputCharacterA
GetConsoleScreenBufferInfo
WriteConsoleA
WriteConsoleW
FillConsoleOutputCharacterW
SetConsoleCursorPosition
GlobalUnlock
GlobalAlloc
GlobalSize
GlobalLock
HeapSize
GetProcessHeap
GlobalFree
InterlockedExchange
EncodePointer
DecodePointer
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RtlUnwind
ExitThread
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
SetFilePointer
GetDriveTypeA
FindFirstFileExA
GetTimeZoneInformation
CreateFileA
SetConsoleCtrlHandler
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
GetTimeFormatW
GetDateFormatW
DeleteFileW
GetConsoleCP
FlushFileBuffers
SetStdHandle
InitializeCriticalSectionAndSpinCount
MoveFileW
RemoveDirectoryW
CreateDirectoryW
GetFullPathNameW
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
IsProcessorFeaturePresent
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetFullPathNameA
GetExitCodeProcess
SetEndOfFile
GetStringTypeW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetDriveTypeW
GetLocaleInfoA
EnumSystemLocalesA
GetModuleFileNameA
GetCurrentProcess
GetCurrentDirectoryW
GetSystemDirectoryW
lstrlenW
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
SetFileAttributesW
LocalAlloc
lstrcmpW
WriteProcessMemory
WritePrivateProfileStringW
VirtualProtect
VirtualFree
VirtualAlloc
TerminateThread
SystemTimeToFileTime
HeapDestroy
GlobalHandle
GetSystemInfo
GetPrivateProfileStringW
GetLocalTime
GetComputerNameW
InterlockedExchangeAdd
InterlockedCompareExchange
FlushInstructionCache
CreateFileMappingW
GetUserDefaultUILanguage

user32

CreatePopupMenu
CloseClipboard
AnyPopup
CreateMenu
CountClipboardFormats
EndMenu
LoadCursorFromFileW
GetWindowDC
GetWindowTextLengthW
IsCharLowerW
LoadCursorFromFileA
LoadIconW
MessageBoxW
GetScrollInfo
SetScrollInfo
EnableScrollBar
ScrollWindow
GetParent
WindowFromPoint
SetParent
RedrawWindow
ScreenToClient
ClientToScreen
IsWindowVisible
IsWindowEnabled
GetMessageTime
GetActiveWindow
GetWindow
ChildWindowFromPointEx
UnhookWindowsHookEx
CallNextHookEx
TrackPopupMenu
CallWindowProcW
IsDialogMessageW
InvalidateRect
FillRect
IsWindow
SetWindowTextW
GetSysColor
GetClientRect
SetFocus
ReleaseCapture
SetCursorPos
UpdateWindow
MoveWindow
DeferWindowPos
GetWindowRect
GetUpdateRgn
MapWindowPoints
BeginDeferWindowPos
EndDeferWindowPos
SystemParametersInfoW
GetMenuItemInfoW
GetMenuItemCount
SetWindowsHookExW
RegisterHotKey
UnregisterHotKey
PtInRect
InflateRect
SetMenu
CreateIconIndirect
BringWindowToTop
IsIconic
SetForegroundWindow
IsZoomed
FlashWindow
CreateDialogIndirectParamW
GetWindowPlacement
DrawMenuBar
EnableMenuItem
GetSystemMenu
CreateDialogParamW
GetDlgItem
SetWindowRgn
LoadImageW
MessageBeep
GetClassNameW
GetWindowTextW
DestroyCursor
BeginPaint
EndPaint
ChangeDisplaySettingsW
EnumDisplaySettingsW
GetDoubleClickTime
DrawFrameControl
OffsetRect
DrawIconEx
SetCapture
DrawTextW
CopyRect
DrawStateW
SetRectEmpty
DrawFocusRect
GetMenuState
GetSysColorBrush
CheckMenuItem
CheckMenuRadioItem
ShowWindow
SetRect
DrawEdge
GetClipboardFormatNameW
RegisterClipboardFormatW
DestroyMenu
GetSubMenu
InsertMenuW
InsertMenuItemW
RemoveMenu
ModifyMenuW
AppendMenuW
HideCaret
keybd_event
FindWindowExW
DestroyAcceleratorTable
CreateAcceleratorTableW
TranslateAcceleratorW
UnionRect
IsRectEmpty
ValidateRgn
ChildWindowFromPoint
IsClipboardFormatAvailable
GetDialogBaseUnits
wsprintfW
ShowCursor
AdjustWindowRectEx
DdeCreateStringHandleW
DdeClientTransaction
DdeDisconnect
DdeInitializeW
DdeGetLastError
DdeCreateDataHandle
DdeGetData
DdeFreeDataHandle
DdeQueryStringW
DdeUninitialize
DdeFreeStringHandle
LoadCursorW
SetCursor
MsgWaitForMultipleObjects
GetMessageW
DispatchMessageW
SetTimer
KillTimer
PeekMessageW
DestroyWindow
DefWindowProcW
UnregisterClassW
RegisterClassW
PostMessageW
CreateWindowExW
PostThreadMessageW
ValidateRect
SetWindowPos
GetFocus
EnableWindow
SetWindowLongW
GetWindowLongW
GetAsyncKeyState
SetActiveWindow
VkKeyScanW
MapVirtualKeyW
TranslateMessage
PostQuitMessage
GetMessagePos
GetIconInfo
LoadBitmapW
GetKeyState
DestroyIcon
DdePostAdvise
MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
GetCapture
GetCursorPos
SendMessageA
FindWindowA
GetSystemMetrics
ReleaseDC
GetDC
RegisterWindowMessageW
SendMessageTimeoutW
SendMessageW
FindWindowW
DdeConnect
SetMenuItemInfoW
DdeNameService

gdi32

GetBkColor
DeleteObject
GetTextColor
AbortPath
CreateMetaFileA
GetFontLanguageInfo
GetBkMode
CreateMetaFileW
CancelDC
GetEnhMetaFileA
GetGraphicsMode
GetLayout
RealizePalette
CreateCompatibleDC
GetObjectType
CreateHalftonePalette
CreatePatternBrush
GetStockObject
SaveDC
DeleteDC
GetSystemPaletteUse
GetDCPenColor
GetEnhMetaFileW
BeginPath
WidenPath
GetStretchBltMode
CloseMetaFile
EndPath
FillPath
GdiGetBatchLimit
PathToRegion
SwapBuffers
AddFontResourceW
FlattenPath
AddFontResourceA
GetPixelFormat
GetTextCharset
GdiFlush
AbortDoc
GetTextAlign
GetMapMode
EndPage
DeleteColorSpace
EndDoc
DeleteMetaFile
CreateSolidBrush
UpdateColors
UnrealizeObject
GetPolyFillMode
DeleteEnhMetaFile
GetTextCharacterExtra
CloseEnhMetaFile
CloseFigure
GetDCBrushColor
GetColorSpace
GetROP2
SetMetaRgn
StrokePath
QueryFontAssocStatus
SetDIBColorTable
GdiEntry8
FontIsLinked
EngCreateSemaphore
OffsetViewportOrgEx
SetTextColor
GdiGetSpoolFileHandle
GetEnhMetaFilePixelFormat
EngStretchBltROP
GdiEndPageEMF
OffsetRgn
EngLockSurface
SetLayoutWidth
GdiPlayScript
Rectangle
XLATEOBJ_hGetColorTransform
FONTOBJ_pvTrueTypeFontFile
GetCharWidthA
GdiSwapBuffers
SetWorldTransform
GetPixel
GdiCleanCacheDC
ExtCreatePen
GetWorldTransform
ResetDCW
STROBJ_bEnumPositionsOnly
GetTextExtentPointI
GdiEntry14
CreateEllipticRgn
EngCheckAbort
CreateBitmapIndirect
CreateICA
SetBitmapBits
GdiQueryFonts
GetSystemPaletteEntries
CreateICW
SetTextAlign
CreateRectRgnIndirect
GetTextExtentExPointW
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
CreatePen
CreateHatchBrush
EnumFontFamiliesExW
Polyline
SetROP2
SetViewportOrgEx
SetPixel
PolyBezier
SetWindowOrgEx
PlayEnhMetaFile
SetAbortProc
StartDocW
StartPage
CreateDCW
GetEnhMetaFileHeader
CreateEnhMetaFileW
GetClipBox
CreateFontIndirectW
SetBkMode
StretchBlt
MoveToEx
SetWindowExtEx
SetViewportExtEx
SetMapMode
SelectClipRgn
SetStretchBltMode
ExtSelectClipRgn
ExtFloodFill
Arc
Pie
Polygon
LineTo
GetRegionData
ExtCreateRegion
SetBkColor
CreateBitmap
GetObjectW
ExcludeClipRect
SetBrushOrgEx
CreateRectRgn
SelectPalette
GetTextMetricsW
GetOutlineTextMetricsW
GetCharABCWidthsW
CombineRgn
RectInRegion
PtInRegion
EqualRgn
GetRgnBox
GetDIBColorTable
CreateDIBitmap
GetDIBits
CreateDIBSection
GetTextExtentPoint32W
StretchDIBits
ExtTextOutW
MaskBlt
Ellipse
RoundRect
PolyPolygon
SetPolyFillMode
GetDeviceCaps
BitBlt
SelectObject
CreateCompatibleBitmap

comdlg32

PageSetupDlgW
PrintDlgW
ChooseFontW
GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

advapi32

GetUserNameA
RegOpenKeyA
RegQueryValueExA
FreeSid
RegOpenKeyExW
RegCloseKey
RegEnumValueW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegDeleteValueW
RegEnumKeyW
RegDeleteKeyW
GetUserNameW
DeregisterEventSource
ReportEventA
RegisterEventSourceA

shell32

SHFileOperation
SHGetDesktopFolder
SHFileOperationW
SHPathPrepareForWriteW
SHBrowseForFolderA
WOWShellExecute
FindExecutableW
SHFormatDrive
ShellAboutW
SHLoadNonloadedIconOverlayIdentifiers
ExtractIconW
SHGetFileInfoW
DragFinish
SHGetMalloc
DragQueryFileW
ExtractIconExW
ShellExecuteExW
SHGetPathFromIDListW
DragAcceptFiles
DragQueryPoint
SHGetSpecialFolderLocation

ole32

OleGetClipboard
OleFlushClipboard
OleIsCurrentClipboard
OleSetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
CoTaskMemAlloc
ReleaseStgMedium
OleInitialize
OleUninitialize
CoCreateInstance
CoCreateGuid
OleLockRunning
OleRun
OleSetContainedObject

shlwapi

StrChrIA

comctl32

ImageList_GetImageCount
ImageList_GetIconSize
ImageList_Create
ImageList_Add
ImageList_ReplaceIcon
ImageList_Replace
ImageList_Remove
ImageList_Draw
ImageList_SetBkColor
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_DragMove
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_Destroy

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 261B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

r2
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Challenge_1.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Challenge_2.bin
.exe windows:4 windows x86 arch:x86

9ecee117164e0b870a53dd187cdd7174

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
InterlockedIncrement
GetCurrentThreadId
GetCurrentThread
ReadFile
GetFileSize
CreateFileA
MoveFileExA
SizeofResource
TerminateThread
LoadResource
FindResourceA
GetProcAddress
GetModuleHandleW
ExitProcess
GetModuleFileNameA
LocalFree
LocalAlloc
CloseHandle
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GlobalAlloc
GlobalFree
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount
LockResource
Sleep
GetStartupInfoA
GetModuleHandleA

advapi32

StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
ChangeServiceConfig2A
SetServiceStatus
OpenSCManagerA
CreateServiceA
CloseServiceHandle
StartServiceA
CryptGenRandom
CryptAcquireContextA
OpenServiceA

ws2_32

closesocket
recv
send
htonl
ntohl
WSAStartup
inet_ntoa
ioctlsocket
select
htons
socket
connect
inet_addr

msvcp60

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

iphlpapi

GetAdaptersInfo
GetPerAdapterInfo

wininet

InternetOpenA
InternetOpenUrlA
InternetCloseHandle

msvcrt

__set_app_type
_stricmp
__p__fmode
__p__commode
_except_handler3
__setusermatherr
_initterm
__getmainargs
_acmdln
_adjust_fdiv
_controlfp
exit
_XcptFilter
_exit
_onexit
__dllonexit
free
??2@YAPAXI@Z
_ftol
sprintf
_endthreadex
strncpy
rand
_beginthreadex
__CxxFrameHandler
srand
time
__p___argc

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 156KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
filetype.exe
.exe windows:4 windows x86 arch:x86

0c4f4ffc91ae78ca0c16ffa93c240b69

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\vc\filetype\Release\filetype.pdb

Imports

kernel32

CopyFileA
MoveFileA
CreateDirectoryA
GetFileAttributesA
FindClose
FindNextFileA
FindFirstFileA
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapAlloc
GetCommandLineA
GetVersionExA
HeapFree
GetLastError
CloseHandle
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
LCMapStringA
MultiByteToWideChar
LCMapStringW
ReadFile
SetStdHandle
FlushFileBuffers
SetFilePointer
CreateFileA
HeapSize
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
GetACP
GetOEMCP
GetCPInfo
GetLocaleInfoA
VirtualProtect
GetSystemInfo
GetStringTypeA
GetStringTypeW
SetEndOfFile

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
filetypes.dat
md5-1.exe
.exe windows:4 windows x86 arch:x86

23285270545de4353386c2c1c9ed45a4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess

msvcrt

printf

Sections

.text
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
md5-2.exe
.exe windows:4 windows x86 arch:x86

23285270545de4353386c2c1c9ed45a4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess

msvcrt

printf

Sections

.text
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ssdeep.zip
.zip
ssdeep-2.14.1/API.TXT
ssdeep-2.14.1/FILEFORMAT.TXT
ssdeep-2.14.1/NEWS.TXT
ssdeep-2.14.1/README.TXT
ssdeep-2.14.1/fuzzy.def
ssdeep-2.14.1/fuzzy.dll
.dll windows:4 windows x86 arch:x86

43a1d595bcb72e6a893f825c17fdae4f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleFileNameW
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

msvcrt

__dllonexit
__doserrno
__pioinfo
_amsg_exit
_errno
_exit
_filelengthi64
_fileno
_initterm
_iob
_lock
_lseeki64
_onexit
_snwprintf
fclose
ferror
fflush
fgetpos
fopen
fread
free
fsetpos
fwprintf
fwrite
malloc
memcmp
memcpy
raise
sscanf
strchr
strlen
strncmp
_unlock
_write
abort
vfprintf
wcscpy
calloc
_vsnprintf

user32

MessageBoxW

Exports

Exports

edit_distn
find_file_size
fuzzy_clone
fuzzy_compare
fuzzy_digest
fuzzy_free
fuzzy_hash_buf
fuzzy_hash_file
fuzzy_hash_filename
fuzzy_hash_stream
fuzzy_new
fuzzy_set_total_input_length
fuzzy_update

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 948B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 377B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ssdeep-2.14.1/fuzzy.h
ssdeep-2.14.1/sample.c
ssdeep-2.14.1/ssdeep.exe
.exe windows:4 windows x86 arch:x86

b14ca8226b285fec8342b432a8456f90

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateSemaphoreA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
FindClose
FindFirstFileW
FindNextFileW
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetHandleInformation
GetLastError
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetStartupInfoA
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
MultiByteToWideChar
OutputDebugStringA
QueryPerformanceCounter
RaiseException
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte

msvcrt

__argv
__dllonexit
__doserrno
__getmainargs
__initenv
__lconv_init
__mb_cur_max
__pioinfo
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthreadex
_cexit
_endthreadex
_errno
_exit
_filelengthi64
_fileno
_fmode
_fstat64
_initterm
_iob
_lock
_lseeki64
_onexit
_setjmp3
_snwprintf
_strnicmp
exit
fclose
feof
ferror
fflush
fgetpos
fgets
fopen
fprintf
fputc
fputs
fread
free
fsetpos
fwprintf
fwrite
getc
getenv
getwc
isalpha
islower
isspace
isupper
iswctype
isxdigit
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
perror
printf
putc
putchar
puts
putwc
raise
realloc
setlocale
setvbuf
signal
sprintf
sscanf
strchr
strcmp
strcoll
strerror
strftime
strlen
strncmp
strtol
strtoul
strxfrm
_ultoa
_unlock
_wcsdup
_wcsnicmp
_wfopen
_wfullpath
_wgetcwd
_write
abort
atoi
tolower
towlower
towupper
ungetc
ungetwc
vfprintf
vprintf
wcscoll
wcscpy
wcsftime
wcslen
wcsncmp
wcsncpy
wcsrchr
wcsstr
wcsxfrm
atol
calloc
_vsnprintf
longjmp
_write
_strdup
_read
_fileno
_fdopen

shell32

CommandLineToArgvW

user32

MessageBoxW

Sections

.text
Size: 769KB - Virtual size: 769KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

68d91b46eb0976c4f7c6b9ba2c81af54

Code Sign

1d:7b:98:cc:48:0b:c3:73:b3:84:a0:fd:1f:c0:d0:6fCertificate

Extended Key Usages

ee:d7:2a:b1:7c:a1:f9:c4:1d:45:e6:1c:64:d7:72:3a:aa:aa:87:2fSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

shlwapi

comctl32

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 512B - Virtual size: 261B

.data Size: 20KB - Virtual size: 20KB

r2 Size: 42KB - Virtual size: 42KB

.rsrc Size: 68KB - Virtual size: 68KB

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 168KB - Virtual size: 167KB

.rsrc Size: 4KB - Virtual size: 792B

.reloc Size: 4KB - Virtual size: 12B

9ecee117164e0b870a53dd187cdd7174

Headers

File Characteristics

Imports

kernel32

advapi32

ws2_32

msvcp60

iphlpapi

wininet

msvcrt

Sections

.text Size: 36KB - Virtual size: 34KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 156KB - Virtual size: 3.0MB

.rsrc Size: 3.4MB - Virtual size: 3.4MB

0c4f4ffc91ae78ca0c16ffa93c240b69

Headers

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 28KB - Virtual size: 26KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 7KB

23285270545de4353386c2c1c9ed45a4

Headers

File Characteristics

Imports

kernel32

msvcrt

Sections

.text Size: 512B - Virtual size: 32B

.rdata Size: 512B - Virtual size: 192B

.data Size: 512B - Virtual size: 20B

23285270545de4353386c2c1c9ed45a4

Headers

File Characteristics

Imports

kernel32

1d:7b:98:cc:48:0b:c3:73:b3:84:a0:fd:1f:c0:d0:6f
Certificate

ee:d7:2a:b1:7c:a1:f9:c4:1d:45:e6:1c:64:d7:72:3a:aa:aa:87:2f
Signer

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 512B - Virtual size: 261B

.data
Size: 20KB - Virtual size: 20KB

r2
Size: 42KB - Virtual size: 42KB

.rsrc
Size: 68KB - Virtual size: 68KB

.text
Size: 168KB - Virtual size: 167KB

.rsrc
Size: 4KB - Virtual size: 792B

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 36KB - Virtual size: 34KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 156KB - Virtual size: 3.0MB

.rsrc
Size: 3.4MB - Virtual size: 3.4MB

.text
Size: 28KB - Virtual size: 26KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 7KB

.text
Size: 512B - Virtual size: 32B

.rdata
Size: 512B - Virtual size: 192B

.data
Size: 512B - Virtual size: 20B

.text
Size: 512B - Virtual size: 32B

.rdata
Size: 512B - Virtual size: 192B

.data
Size: 512B - Virtual size: 20B

.text
Size: 13KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 24B

.rdata
Size: 6KB - Virtual size: 5KB

.bss
Size: - Virtual size: 948B

.edata
Size: 512B - Virtual size: 377B

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 32B

.reloc
Size: 1024B - Virtual size: 700B

.text
Size: 769KB - Virtual size: 769KB

.data
Size: 7KB - Virtual size: 6KB

.rdata
Size: 52KB - Virtual size: 52KB

.bss
Size: - Virtual size: 3KB

.idata
Size: 5KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 56B

.tls
Size: 512B - Virtual size: 32B