zcb3[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

zcb3.exe
Size

10.6MB
MD5

2b47d736890a56980cc5952141201311
SHA1

4f62754eeeba571bfc53d6a1368d75cc4c6ff867
SHA256

3693d2e605036e9b1f9401d496b0925a1573dbbfc2b2f19102a240f3272d9b6f
SHA512

33a65ac321bb9e6c4ad357b8348621a18191cd1f788b18409f1a51b6554f9cfe43d934936dced49234e178cf3d320d200f468b7c747b873fa314b9b3f86012fb
SSDEEP

98304:3yC3fvBV+CYEQ7aDBlPmDL5kSQS08a9iXkmMdTbnMd22ktfT:3bgRa9lPm/5UsVMdu22kN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
zcb3.exe

Files

zcb3.exe
.exe windows:6 windows x64 arch:x64

27e2547ca466ea793cd62642b78115fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ntdll

NtDeviceIoControlFile
RtlCaptureContext
NtReadFile
RtlVirtualUnwind
RtlLookupFunctionEntry
NtWriteFile
RtlNtStatusToDosError
NtCancelIoFileEx
NtCreateFile

kernel32

GetConsoleScreenBufferInfo
SetConsoleTextAttribute
SetConsoleMode
GetConsoleMode
ReleaseSRWLockExclusive
HeapReAlloc
SwitchToThread
AcquireSRWLockShared
GetProcAddress
ReleaseSRWLockShared
SetThreadStackGuarantee
AddVectoredExceptionHandler
FreeConsole
GetFileInformationByHandleEx
GetFileInformationByHandle
GetStdHandle
Sleep
GlobalFree
WakeAllConditionVariable
GlobalLock
GlobalSize
GetCurrentThreadId
MultiByteToWideChar
GlobalAlloc
FindNextFileW
FindClose
SetHandleInformation
CopyFileExW
MoveFileExW
GetSystemTimeAsFileTime
WriteFileEx
SleepEx
ReadFileEx
CreateThread
TryAcquireSRWLockExclusive
FreeLibrary
SetThreadErrorMode
LoadLibraryExW
GlobalUnlock
CreateNamedPipeW
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
GetFileAttributesW
SetFilePointerEx
CreateProcessW
GetWindowsDirectoryW
GetSystemDirectoryW
GetFileType
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
CreateIoCompletionPort
SetFileCompletionNotificationModes
GetModuleHandleA
CloseHandle
SleepConditionVariableSRW
WakeConditionVariable
GetSystemInfo
GetLastError
QueryPerformanceCounter
AcquireSRWLockExclusive
HeapAlloc
GetProcessHeap
HeapFree
QueryPerformanceFrequency
CompareStringOrdinal
FreeEnvironmentStringsW
GetEnvironmentStringsW
FindFirstFileW
CreateDirectoryW
GetFinalPathNameByHandleW
GetFullPathNameW
GetTempPathW
GetEnvironmentVariableW
ReleaseMutex
CreateMutexA
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentProcessId
LoadLibraryA
WaitForSingleObjectEx
GetCurrentDirectoryW
FormatMessageW
GetModuleHandleW
WriteConsoleW
GetCurrentThread
SetLastError
DuplicateHandle
GetCurrentProcess
CreateFileW
LoadLibraryW
ExitProcess
GetModuleFileNameW
GetCommandLineW
CreateProcessA
WaitForSingleObject
DeleteFileW
LocalFree

crypt32

CertDuplicateCertificateContext
CertDuplicateStore
CertCloseStore
CertFreeCertificateContext
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertGetCertificateChain
CertFreeCertificateChain
CertOpenStore
CertVerifyCertificateChainPolicy
CertDuplicateCertificateChain

user32

SetClipboardData
EmptyClipboard
ShowWindow
SetWindowLongW
GetSystemMenu
EnableMenuItem
GetClipCursor
ClipCursor
ShowCursor
DefWindowProcW
TranslateMessage
GetMessageW
ClientToScreen
DispatchMessageW
DestroyIcon
GetClipboardData
IsClipboardFormatAvailable
SystemParametersInfoA
GetWindowRect
CreateIcon
AdjustWindowRectEx
MsgWaitForMultipleObjectsEx
GetWindowLongW
SetPropW
GetWindowTextLengthW
GetKeyState
SetWindowLongPtrW
RegisterWindowMessageA
GetWindowTextW
ToUnicodeEx
GetRawInputData
RegisterRawInputDevices
SetCursorPos
FlashWindowEx
GetKeyboardState
PostThreadMessageW
GetMenu
GetCursorPos
CloseTouchInputHandle
GetTouchInputInfo
MapVirtualKeyA
SetCursor
LoadCursorW
TrackMouseEvent
SetCapture
ReleaseCapture
MonitorFromRect
DestroyWindow
ScreenToClient
SetWindowTextW
SetWindowPlacement
GetWindowPlacement
PeekMessageW
ChangeDisplaySettingsExW
IsProcessDPIAware
SetForegroundWindow
SendInput
MapVirtualKeyW
GetForegroundWindow
MonitorFromWindow
GetClassNameW
RegisterTouchWindow
InvalidateRgn
SetWindowPos
SetWindowDisplayAffinity
CreateWindowExW
RegisterClassExW
MonitorFromPoint
ValidateRect
GetDC
GetWindowLongPtrW
RedrawWindow
GetMonitorInfoW
EnumDisplayMonitors
GetClassInfoExW
CreateIconFromResourceEx
IsIconic
GetClientRect
SendMessageW
GetSystemMetrics
GetActiveWindow
ReleaseDC
GetPropW
PostMessageW
OpenClipboard
CloseClipboard
RemovePropW
GetKeyboardLayout
CallWindowProcW
GetUpdateRect

oleaut32

SafeArrayCreateVector
SysFreeString
SetErrorInfo
SafeArrayPutElement
SysAllocStringLen
SysStringLen
GetErrorInfo

uiautomationcore

UiaLookupId
UiaRaiseAutomationPropertyChangedEvent
UiaGetReservedNotSupportedValue
UiaHostProviderFromHwnd
UiaReturnRawElementProvider
UiaRaiseAutomationEvent

opengl32

wglGetProcAddress
wglGetCurrentContext
wglMakeCurrent
wglCreateContext
wglDeleteContext
wglShareLists
wglGetCurrentDC

gdi32

DeleteObject
DescribePixelFormat
ChoosePixelFormat
SwapBuffers
GetDeviceCaps
SetPixelFormat
CreateRectRgn

dwmapi

DwmEnableBlurBehindWindow

imm32

ImmReleaseContext
ImmGetCompositionStringW
ImmSetCandidateWindow
ImmGetContext
ImmAssociateContextEx

ole32

CoUninitialize
CoInitializeEx
RevokeDragDrop
RegisterDragDrop
OleInitialize
CoTaskMemFree
CoCreateInstance

winmm

timeGetDevCaps
timeEndPeriod
timeBeginPeriod

shlwapi

AssocQueryStringW

bcrypt

BCryptGenRandom

ws2_32

WSAGetLastError
getsockname
recv
WSACleanup
WSAStartup
freeaddrinfo
send
WSASend
getsockopt
closesocket
getaddrinfo
setsockopt
shutdown
WSASocketW
ioctlsocket
WSAIoctl
bind
connect
getpeername

advapi32

RegCloseKey
RegOpenKeyExW
SystemFunction036
RegQueryValueExW

secur32

QueryContextAttributesW
AcceptSecurityContext
InitializeSecurityContextW
DecryptMessage
DeleteSecurityContext
FreeCredentialsHandle
AcquireCredentialsHandleA
EncryptMessage
ApplyControlToken
FreeContextBuffer

shell32

DragFinish
CommandLineToArgvW
SHCreateItemFromParsingName
DragQueryFileW

uxtheme

SetWindowTheme

vcruntime140

__current_exception_context
__current_exception
__C_specific_handler
_CxxThrowException
memset
memmove
memcmp
memcpy
__CxxFrameHandler3

api-ms-win-crt-math-l1-1-0

_hypotf
sinh
log1p
ceil
log10
atan
powf
sinf
cosf
floor
atan2f
asin
truncf
expf
sin
tanh
acosf
cbrtf
trunc
tan
exp2f
_hypot
round
log
exp2
__setusermatherr
cosh
cos
log2
roundf
pow
fmod
fmodf
ceilf
floorf
acos

api-ms-win-crt-string-l1-1-0

wcslen
strlen

api-ms-win-crt-convert-l1-1-0

_wtoi64

api-ms-win-crt-runtime-l1-1-0

_initterm_e
exit
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_initterm
_exit
_set_app_type
_seh_filter_exe
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
terminate
_initialize_onexit_table
_register_onexit_function
_crt_atexit

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free

Sections

.text
Size: 6.9MB - Virtual size: 6.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 583KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 255KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

27e2547ca466ea793cd62642b78115fd

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

crypt32

user32

oleaut32

uiautomationcore

opengl32

gdi32

dwmapi

imm32

ole32

winmm

shlwapi

bcrypt

ws2_32

advapi32

secur32

shell32

uxtheme

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 6.9MB - Virtual size: 6.9MB

.rdata Size: 3.4MB - Virtual size: 3.4MB

.data Size: 3KB - Virtual size: 583KB

.pdata Size: 255KB - Virtual size: 255KB

.rsrc Size: 17KB - Virtual size: 17KB

.reloc Size: 27KB - Virtual size: 27KB

.text
Size: 6.9MB - Virtual size: 6.9MB

.rdata
Size: 3.4MB - Virtual size: 3.4MB

.data
Size: 3KB - Virtual size: 583KB

.pdata
Size: 255KB - Virtual size: 255KB

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 27KB - Virtual size: 27KB