Z-Launcher[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Z-Launcher.exe
Size

25.7MB
MD5

a94d17b6d3fdd671b7349347c5745e55
SHA1

c1a4a36e59a0a3f1e8dae7316e5b0dd097e0d770
SHA256

539caf83731be716f1ecaaaef930bae93973cacb1fc9e73dcbadaadab5600fbe
SHA512

9e4df26c55b67a412280ed0624e98e306f00bfceb0731d5eedf29892836d292183355e558a89c9883ee8272898316b3604e066f3202bce415861f5005755217e
SSDEEP

196608:e5DhaKwuFJXKeYCKUbi67aYN5MVi6taYN5iGzhTGlK3TFA:eNha7uDXfYpIi85MViQ5iGzhTGlE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Z-Launcher.exe

Files

Z-Launcher.exe
.exe windows:6 windows x64 arch:x64

86f4b0de3fe73d34514f61122d9b2302

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

z_launcher_desktop.pdb

Imports

bcryptprimitives

ProcessPrng

api-ms-win-core-synch-l1-2-0

WakeByAddressAll
WaitOnAddress
WakeByAddressSingle

kernel32

WriteFile
ReadFile
LocalFree
GetCurrentProcess
DuplicateHandle
GetModuleFileNameW
GetCommandLineW
GetNamedPipeServerProcessId
WaitForSingleObject
DeleteFileW
CreateProcessA
ExitProcess
GetNamedPipeClientProcessId
lstrlenW
GetModuleHandleW
GetUserDefaultUILanguage
LCIDToLocaleName
DisconnectNamedPipe
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
HeapFree
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
HeapAlloc
GetCurrentThreadId
GetProcessHeap
FlushFileBuffers
ConnectNamedPipe
CreateNamedPipeW
GetConsoleMode
EncodePointer
CreateMutexA
CreateThread
WriteConsoleW
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
CreateProcessW
GetWindowsDirectoryW
CreateFileW
FormatMessageW
LoadLibraryW
GetSystemDirectoryW
WaitForMultipleObjects
ReadFileEx
LoadLibraryA
SetEnvironmentVariableW
GetFileType
CancelIo
SetConsoleMode
CopyFileExW
GetFinalPathNameByHandleW
MoveFileExW
FindFirstFileW
CreateDirectoryW
GetFileInformationByHandleEx
WaitNamedPipeW
FindClose
FindNextFileW
ReleaseMutex
IsDebuggerPresent
GetSystemTimePreciseAsFileTime
QueryPerformanceFrequency
TerminateProcess
GetExitCodeProcess
SleepEx
WriteFileEx
GetStdHandle
SetFilePointerEx
SetFileInformationByHandle
GetFileAttributesW
OutputDebugStringA
OutputDebugStringW
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
LoadLibraryExW
CloseHandle
FreeLibrary
GetEnvironmentVariableW
GetEnvironmentStringsW
GetCurrentDirectoryW
SetLastError
GetFileInformationByHandle
GetTickCount
QueryPerformanceCounter
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
WideCharToMultiByte
SystemTimeToFileTime
GetCurrentProcessId
GetFileSize
LockFileEx
UnlockFile
HeapDestroy
HeapCompact
GetSystemInfo
HeapReAlloc
DeleteFileA
WaitForSingleObjectEx
CreateFileA
FlushViewOfFile
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
Sleep
MultiByteToWideChar
HeapSize
HeapValidate
UnmapViewOfFile
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
GetDiskFreeSpaceW
GetFullPathNameW
HeapCreate
AreFileApisANSI
RaiseException
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
UnregisterWaitEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SetWaitableTimer
CreateWaitableTimerExW
SwitchToThread
GetCurrentThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
CompareStringOrdinal
SetHandleInformation
DeleteProcThreadAttributeList
FreeEnvironmentStringsW
GetLastError
CreateEventW
GetTimeZoneInformationForYear
GetModuleHandleA
SetFileCompletionNotificationModes
GetOverlappedResult
PostQueuedCompletionStatus
GetQueuedCompletionStatusEx
CreateIoCompletionPort
TlsFree

advapi32

RegOpenKeyExW
RegQueryValueExW
SystemFunction036
RegGetValueW
RegCreateKeyExW
RegSetValueExW
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister
RegCloseKey

user32

VkKeyScanW
PostThreadMessageW
GetAsyncKeyState
GetKeyboardState
IsProcessDPIAware
GetDC
CreateAcceleratorTableW
ToUnicodeEx
GetKeyState
MapVirtualKeyExW
LoadCursorW
SystemParametersInfoA
PeekMessageW
DispatchMessageW
SetCursor
IsWindowVisible
AdjustWindowRectEx
GetWindowRect
TranslateMessage
TranslateAcceleratorW
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
GetRawInputData
MonitorFromPoint
PostQuitMessage
GetAncestor
GetMessageW
ValidateRect
IsIconic
GetMonitorInfoW
SetWindowPos
GetKeyboardLayout
CheckMenuItem
GetUpdateRect
GetWindowLongPtrW
DefWindowProcW
SetWindowDisplayAffinity
GetActiveWindow
GetMenu
MapVirtualKeyW
SetMenu
ShowCursor
ReleaseCapture
ClipCursor
GetClipCursor
EnableMenuItem
GetSystemMenu
ShowWindow
SetWindowLongW
SendMessageW
DestroyIcon
DestroyAcceleratorTable
SetCapture
SetWindowLongPtrW
MsgWaitForMultipleObjectsEx
RegisterRawInputDevices
RegisterClassExW
RegisterWindowMessageA
PostMessageW
CreateIcon
EnumChildWindows
GetClientRect
SetMenuItemInfoW
CreateMenu
GetMessageA
DispatchMessageA
MonitorFromWindow
FlashWindowEx
RedrawWindow
ScreenToClient
GetCursorPos
CloseTouchInputHandle
GetTouchInputInfo
TrackMouseEvent
AppendMenuW
MonitorFromRect
ClientToScreen
EnumDisplayMonitors
ChangeDisplaySettingsExW
GetWindowLongW
SendInput
AllowSetForegroundWindow
GetForegroundWindow
DestroyWindow
SetForegroundWindow
RegisterTouchWindow
GetSystemMetrics
IsWindow
CreateWindowExW
SetCursorPos
InvalidateRgn
GetWindowPlacement
SetWindowPlacement

comctl32

RemoveWindowSubclass
SetWindowSubclass
DefSubclassProc

ole32

CoUninitialize
CoCreateInstance
OleInitialize
CreateStreamOnHGlobal
CoTaskMemFree
RegisterDragDrop
CoTaskMemAlloc
RevokeDragDrop
CoInitializeEx

shell32

ShellExecuteW
SHGetKnownFolderPath
DragFinish
DragQueryFileW
CommandLineToArgvW
SHAppBarMessage

gdi32

GetDeviceCaps
CreateRectRgn
DeleteObject

dwmapi

DwmEnableBlurBehindWindow

secur32

FreeContextBuffer
InitializeSecurityContextW
DeleteSecurityContext
AcceptSecurityContext
QueryContextAttributesW
AcquireCredentialsHandleA
FreeCredentialsHandle
DecryptMessage
ApplyControlToken
EncryptMessage

ws2_32

getaddrinfo
freeaddrinfo
closesocket
getpeername
getsockname
WSASocketW
bind
connect
ioctlsocket
getsockopt
shutdown
WSACleanup
WSAStartup
recv
send
WSASend
setsockopt
WSAGetLastError
WSAIoctl

crypt32

CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateContext
CertDuplicateCertificateContext
CertDuplicateStore
CertDuplicateCertificateChain
CertFreeCertificateChain
CertCloseStore
CertOpenStore
CertAddCertificateContextToStore
CertEnumCertificatesInStore

oleaut32

GetErrorInfo
SetErrorInfo
SysFreeString
SysStringLen

uxtheme

SetWindowTheme

ntdll

RtlNtStatusToDosError
NtReadFile
NtWriteFile
NtCancelIoFileEx
NtDeviceIoControlFile
NtOpenFile
NtCreateFile

bcrypt

BCryptGenRandom

api-ms-win-crt-math-l1-1-0

floor
round
trunc
__setusermatherr
log
pow

api-ms-win-crt-string-l1-1-0

_wcsicmp
strcspn
wcslen
wcsncmp
strlen
strncmp
strcmp
strcpy_s
strspn

api-ms-win-crt-heap-l1-1-0

_callnewh
realloc
malloc
free
calloc
_set_new_mode
_msize

api-ms-win-crt-convert-l1-1-0

wcstol
_ultow_s
_wtoi64

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_initialize_onexit_table
_crt_atexit
terminate
_get_initial_narrow_environment
_endthreadex
abort
_beginthreadex
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_initialize_narrow_environment
__p___argv
__p___argc
_exit
_seh_filter_exe
_configure_narrow_argv
exit
_set_app_type
_initterm
_initterm_e

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 8.9MB - Virtual size: 8.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15.3MB - Virtual size: 15.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 452KB - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1000KB - Virtual size: 1000KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

86f4b0de3fe73d34514f61122d9b2302

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcryptprimitives

api-ms-win-core-synch-l1-2-0

kernel32

advapi32

user32

comctl32

ole32

shell32

gdi32

dwmapi

secur32

ws2_32

crypt32

oleaut32

uxtheme

ntdll

bcrypt

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 8.9MB - Virtual size: 8.9MB

.rdata Size: 15.3MB - Virtual size: 15.3MB

.data Size: 36KB - Virtual size: 48KB

.pdata Size: 452KB - Virtual size: 452KB

.rsrc Size: 1000KB - Virtual size: 1000KB

.reloc Size: 56KB - Virtual size: 56KB

.text
Size: 8.9MB - Virtual size: 8.9MB

.rdata
Size: 15.3MB - Virtual size: 15.3MB

.data
Size: 36KB - Virtual size: 48KB

.pdata
Size: 452KB - Virtual size: 452KB

.rsrc
Size: 1000KB - Virtual size: 1000KB

.reloc
Size: 56KB - Virtual size: 56KB