d6qvmvul1w (infected)[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

d6qvmvul1w (infected).zip
Size

23.9MB
MD5

61bede6e781f9d0e3d8417d0d401ab3b
SHA1

3a215b388851c10c8a403ab98454e116a590a92b
SHA256

75ddef9df15dda9855430c24b2dd43d9d4b870684e51ad64dea19cee188e32b7
SHA512

1c7759021ae9ef5fb6b334e10b6c979795c330ad5b6befeaf625aa691a82f2f01c5b2ca8df1fc592f0bc4723e38af6f692c8bddedd0640a2b86084259117c1f5
SSDEEP

393216:C6IAXpJ+5gK5t4Ddg8r1dNHROSUuuUYv59NHvf78cdc6Pfa7fayBxE2T/1WrPNgh:2qMqgSG6THR5UuMV1igSGW8rkoNBpk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Launcherkks.exe

Files

d6qvmvul1w (infected).zip
.zip

Password: infected
Launcherkks.exe
.exe windows:6 windows x64 arch:x64

Password: infected

323d90ed81a6ce165d8cf5def79b9f9e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

winmm

midiInClose
midiInStop
midiInOpen
midiInGetErrorTextA
midiInGetDevCapsA
midiInGetNumDevs
timeBeginPeriod
timeEndPeriod
midiInStart

kernel32

GetCurrentThreadId
SetThreadPriority
SetPriorityClass
LoadLibraryW
GlobalSize
GlobalUnlock
GlobalLock
PowerCreateRequest
PowerSetRequest
PowerClearRequest
lstrlenW
CompareStringOrdinal
LCIDToLocaleName
GetLocaleInfoEx
LoadLibraryA
GetLocaleInfoW
FlushFileBuffers
WriteFile
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
IsDebuggerPresent
K32EnumProcessModules
K32GetModuleBaseNameA
K32GetModuleFileNameExA
K32GetModuleInformation
VirtualProtect
GetTimeZoneInformation
SystemTimeToFileTime
FormatMessageW
LoadLibraryExW
GetProcAddress
GetModuleHandleW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SetEndOfFile
FreeLibraryAndExitThread
ExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
GetModuleHandleExW
ExitProcess
GetFileType
InitializeCriticalSectionAndSpinCount
RtlUnwind
InterlockedPushEntrySList
RtlUnwindEx
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetCPInfo
GetStringTypeW
LCMapStringEx
GetModuleHandleA
EncodePointer
InitializeCriticalSectionEx
InitOnceComplete
InitOnceBeginInitialize
AcquireSRWLockShared
ReleaseSRWLockShared
GetNativeSystemInfo
GetExitCodeThread
WaitForSingleObjectEx
RaiseException
RtlPcToFileHeader
SleepConditionVariableSRW
WakeConditionVariable
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
SetLastError
CreateNamedPipeW
ConnectNamedPipe
SetFileAttributesW
CreateSymbolicLinkW
ReplaceFileW
MoveFileW
RemoveDirectoryW
GetVolumeInformationW
GetLogicalDrives
GetFinalPathNameByHandleW
GetDiskFreeSpaceExA
FindFirstFileExW
DeleteFileW
CreateDirectoryW
GetTickCount64
GetProcessHeap
HeapFree
HeapAlloc
CreateMutexA
ReleaseMutex
CreateEventA
ResetEvent
SetEvent
SleepConditionVariableCS
WakeAllConditionVariable
InitializeConditionVariable
SetThreadAffinityMask
SetThreadIdealProcessor
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateThread
SwitchToThread
GetSystemInfo
GetLargePageMinimum
VirtualFree
VirtualAlloc
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetFullPathNameW
GetModuleFileNameW
FreeLibrary
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetLocalTime
GetSystemTimeAsFileTime
GetSystemTime
OpenProcess
CreateProcessW
GetExitCodeProcess
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
Sleep
WaitForSingleObject
QueryPerformanceFrequency
QueryPerformanceCounter
CreatePipe
GetLastError
SetHandleInformation
OutputDebugStringA
GetFileAttributesW
FindNextFileW
CompareStringW
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleOutputCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
HeapReAlloc
HeapSize
CloseHandle
OutputDebugStringW
ReadFile
GetShortPathNameW
GetLongPathNameW
GetFileSize
FindFirstFileW
FindClose
CreateFileW
CompareFileTime
SearchPathW
K32GetPerformanceInfo
SetConsoleOutputCP
SetConsoleCP
SetConsoleCtrlHandler
SetConsoleMode
AttachConsole
GetUserDefaultUILanguage
GetCurrentDirectoryW
GetCurrentThread
SetCurrentDirectoryW
SetEnvironmentVariableW
GetEnvironmentVariableW
SetStdHandle
GetStdHandle
WideCharToMultiByte
LocalFree
GlobalAlloc
GetCommandLineW
GetACP
MultiByteToWideChar
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
DecodePointer
GetCommandLineA
GetOEMCP
IsValidCodePage
HeapQueryInformation

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize
CoTaskMemFree
PropVariantClear
CoTaskMemAlloc

oleaut32

SysFreeString
SysAllocString
VariantInit

user32

MessageBoxW
GetDCEx
ActivateKeyboardLayout
GetMenuItemRect
SetMenuItemInfoW
GetMenuItemInfoW
InsertMenuItemW
SetMenuInfo
TrackPopupMenuEx
RemoveMenu
GetMenuItemCount
DestroyMenu
CreatePopupMenu
PostMessageA
GetRawInputDeviceList
GetRawInputDeviceInfoA
RegisterRawInputDevices
GetRawInputData
IsProcessDPIAware
EnumDisplayMonitors
GetMonitorInfoW
GetMonitorInfoA
MonitorFromWindow
SystemParametersInfoA
DisplayConfigGetDeviceInfo
QueryDisplayConfig
GetDisplayConfigBufferSizes
EnumDisplaySettingsW
CreateIconIndirect
CreateIconFromResource
DestroyIcon
LoadIconA
LoadCursorA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
SetWindowLongPtrW
SetWindowLongPtrA
GetWindowLongPtrW
GetWindowLongPtrA
OffsetRect
FillRect
ClipCursor
WindowFromPoint
ScreenToClient
ClientToScreen
SetCaretPos
DestroyCaret
CreateCaret
GetCursorPos
SetCursor
SetCursorPos
AdjustWindowRectEx
GetWindowRect
ToUnicodeEx
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
SetWindowRgn
GetUpdateRect
ReleaseDC
GetWindowDC
GetClientRect
GetDC
AllowSetForegroundWindow
SetForegroundWindow
GetForegroundWindow
DrawTextW
GetSystemMetrics
KillTimer
SetTimer
ReleaseCapture
SetCapture
MapVirtualKeyExA
MapVirtualKeyA
RegisterTouchWindow
CloseTouchInputHandle
GetTouchInputInfo
GetKeyboardState
GetAsyncKeyState
GetKeyState
SetFocus
IsClipboardFormatAvailable
EmptyClipboard
RegisterClipboardFormatA
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
GetDlgItem
EndDialog
DialogBoxIndirectParamW
IsZoomed
IsIconic
IsWindowVisible
SetWindowPos
MoveWindow
FlashWindowEx
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassExW
UnregisterClassW
RegisterClassW
GetDoubleClickTime
CallWindowProcW
DefWindowProcW
SendMessageW
SendMessageA
GetMessageExtraInfo
GetMessageTime
PeekMessageW
DispatchMessageW
TranslateMessage
TrackMouseEvent
GetKeyboardLayout
GetKeyboardLayoutList

gdi32

SelectObject
Rectangle
GetTextExtentPoint32W
GetStockObject
GetPixel
GetDIBits
GetDeviceCaps
DeleteObject
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePen
CreateCompatibleBitmap
CreateBitmap
BitBlt
CreateCompatibleDC
SetDIBitsToDevice
CreateDIBSection
CreatePolygonRgn
SetPixelFormat
SwapBuffers
ChoosePixelFormat

shlwapi

ord219

shell32

SHGetPropertyStoreForWindow
DragAcceptFiles
Shell_NotifyIconW
SHGetKnownFolderPath
SHFileOperationW
ShellExecuteW
CommandLineToArgvW
Shell_NotifyIconGetRect
SetCurrentProcessExplicitAppUserModelID
DragQueryFileW
SHCreateItemFromParsingName

advapi32

LookupPrivilegeValueW
GetSidSubAuthorityCount
GetTokenInformation
RegEnumValueW
AdjustTokenPrivileges
GetCurrentHwProfileA
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegGetValueW
RegEnumKeyExW
OpenProcessToken
RegOpenKeyW
RegSetValueExW
GetSidSubAuthority

dinput8

DirectInput8Create

imm32

ImmGetContext
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmGetCompositionStringW
ImmAssociateContext
ImmReleaseContext

bcrypt

BCryptGenRandom

crypt32

CertCloseStore
CryptBinaryToStringA
CertOpenSystemStoreA
CertGetCertificateContextProperty
CertEnumCertificatesInStore

avrt

AvSetMmThreadCharacteristicsW
AvSetMmThreadPriority

dwmapi

DwmGetWindowAttribute
DwmSetWindowAttribute
DwmIsCompositionEnabled
DwmEnableBlurBehindWindow

dwrite

DWriteCreateFactory

dbghelp

ImageRvaToVa
ImageDirectoryEntryToDataEx
ImageNtHeader
UnDecorateSymbolName
StackWalk64
SymSetOptions
ImageDirectoryEntryToData
SymCleanup
SymFunctionTableAccess64
SymGetModuleBase64
SymGetLineFromAddr64
SymInitialize
SymGetSymFromAddr64
SymLoadModule64
SymGetOptions

iphlpapi

GetBestInterfaceEx
GetAdaptersAddresses

wsock32

accept
__WSAFDIsSet
select
recv
listen
WSAGetLastError
socket
setsockopt
sendto
recvfrom
bind
inet_ntoa
WSAStartup
WSACleanup
connect
send
htonl
htons
ntohl
ntohs
closesocket
getsockname
ioctlsocket

ws2_32

freeaddrinfo
WSAConnect
inet_pton
getnameinfo
getaddrinfo

ntdll

NtQueryInformationFile

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 51.7MB - Virtual size: 51.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13.7MB - Virtual size: 13.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.2MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

pck
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fptable
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 372KB - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Launcherkks.pck

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

323d90ed81a6ce165d8cf5def79b9f9e

Headers

DLL Characteristics

File Characteristics

Imports

winmm

kernel32

ole32

oleaut32

user32

gdi32

shlwapi

shell32

advapi32

dinput8

imm32

bcrypt

crypt32

avrt

dwmapi

dwrite

dbghelp

iphlpapi

wsock32

ws2_32

ntdll

Exports

Exports

Sections

.text Size: 51.7MB - Virtual size: 51.7MB

.rdata Size: 13.7MB - Virtual size: 13.7MB

.data Size: 1.2MB - Virtual size: 2.9MB

.pdata Size: 2.0MB - Virtual size: 2.0MB

pck Size: 512B - Virtual size: 8B

.fptable Size: 512B - Virtual size: 256B

.rsrc Size: 24KB - Virtual size: 23KB

.reloc Size: 372KB - Virtual size: 372KB

.text
Size: 51.7MB - Virtual size: 51.7MB

.rdata
Size: 13.7MB - Virtual size: 13.7MB

.data
Size: 1.2MB - Virtual size: 2.9MB

.pdata
Size: 2.0MB - Virtual size: 2.0MB

pck
Size: 512B - Virtual size: 8B

.fptable
Size: 512B - Virtual size: 256B

.rsrc
Size: 24KB - Virtual size: 23KB

.reloc
Size: 372KB - Virtual size: 372KB