payload28[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

payload28.zip
Size

3.3MB
MD5

5fa6ecbb5ed6e4a18923f94bc268907c
SHA1

5ef9606856be5ea3a8ae875961e82b97f8433c8c
SHA256

c61e49d1e833a1bc9303c2fb2082571f2db96b603147c7bcd33ea1001a85a660
SHA512

a22ada75a3fb2a0f252c46fb90c459943be81c62666d775f653132840f6c719ef88bd49fd30be86ae94f00387e1f40e58a6d7e65f5f837bf33ad44a75b762f69
SSDEEP

98304:uzaB/jZ9Owlgig1tCR1X4XT6Xu/22805+:IaR/OwVGtCfoXT6+Zn5+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/v6.2.01.exe

Files

payload28.zip
.zip
v6.2.01.exe
.exe windows:6 windows x86 arch:x86

da9dc3140f81bd80f7118480dbb8308c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\GitLab-Runner\builds\qr55KSHn\1\endpoint\windows\WindowsSecurity\Allegro\Binary\Release\9.0.35\17\Win32\WRSA.pdb

Imports

kernel32

LocalFileTimeToFileTime
GetCurrentThreadId
GetLocalTime
GetDiskFreeSpaceExW
GetSystemTimeAsFileTime
RemoveDirectoryW
GetDriveTypeW
CreateDirectoryW
CreateFileW
GetFileAttributesW
SetUnhandledExceptionFilter
GetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ExpandEnvironmentStringsW
ProcessIdToSessionId
VirtualFree
GetModuleHandleA
OpenProcess
GetLocaleInfoW
GetModuleHandleW
LoadResource
LockResource
SizeofResource
FindResourceW
WriteFile
CheckRemoteDebuggerPresent
FileTimeToSystemTime
GetVolumeInformationW
SetErrorMode
GetComputerNameW
GlobalFree
GetExitCodeProcess
DeleteFileW
DecodePointer
HeapSize
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
FindFirstFileExW
GetPrivateProfileStringW
GetUserDefaultUILanguage
CopyFileW
GetTimeFormatW
GetDateFormatW
SystemTimeToFileTime
FileTimeToLocalFileTime
TerminateThread
WaitForMultipleObjects
GetCommandLineA
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
OpenEventW
CreateEventW
ReleaseMutex
DuplicateHandle
GetCommandLineW
GetProcAddress
FreeLibrary
ExitProcess
SetEvent
GlobalAlloc
GetTickCount64
WaitForSingleObject
CloseHandle
Sleep
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
MultiByteToWideChar
WideCharToMultiByte
GetCurrentThread
GlobalLock
GlobalUnlock
DeviceIoControl
LocalAlloc
LocalFree
GetSystemTime
VerSetConditionMask
VerifyVersionInfoW
GetFileSizeEx
SetHandleInformation
UnmapViewOfFile
SetFileAttributesW
CreateFileMappingA
MoveFileExW
MapViewOfFile
GetTickCount
MoveFileW
MulDiv
CreateMutexW
LoadLibraryW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetProcessTimes
GetSystemDirectoryA
LoadLibraryA
ResetEvent
SetFilePointer
SetEndOfFile
CreateSemaphoreW
GetSystemInfo
CreateFileMappingW
AssignProcessToJobObject
ResumeThread
GetFileSize
SetThreadPriority
FindResourceA
CreateThread
QueryDosDeviceW
CreateEventA
TryAcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
SwitchToThread
OutputDebugStringA
WaitForSingleObjectEx
CompareFileTime
TryEnterCriticalSection
GetSystemPowerStatus
LoadLibraryExW
VirtualProtectEx
ReadFile
WTSGetActiveConsoleSessionId
ReleaseSemaphore
CreateSemaphoreA
GetFileAttributesA
CreateFileA
DeleteFileA
CreateDirectoryA
GetShortPathNameW
ReadProcessMemory
VirtualQueryEx
GetProcessIoCounters
CancelIoEx
GetOverlappedResult
GetFileAttributesExW
QueryFullProcessImageNameW
Thread32Next
Thread32First
CreateToolhelp32Snapshot
OpenThread
AreFileApisANSI
FindFirstFileW
CompareStringW
SetLastError
GetFullPathNameW
FindNextFileW
GetLongPathNameW
GetStdHandle
GetCPInfo
GetProcessAffinityMask
SetFileTime
GetModuleFileNameW
FoldStringW
CreateHardLinkW
FindClose
GetVersionExW
GetSystemDirectoryW
GetConsoleMode
TzSpecificLocalTimeToSystemTime
IsDBCSLeadByte
SetThreadExecutionState
SystemTimeToTzSpecificLocalTime
GetFileType
FlushFileBuffers
GetOEMCP
PeekNamedPipe
GetACP
IsValidCodePage
GetFileInformationByHandle
VerLanguageNameW
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
InitializeSRWLock
InitializeCriticalSectionEx
GetExitCodeThread
QueryPerformanceFrequency
RtlUnwind
RaiseException
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ReadConsoleW
GetConsoleOutputCP
SetFilePointerEx
SetStdHandle
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
GetStringTypeW
CreateProcessW

user32

TranslateMessage
EndPaint
BeginPaint
PostQuitMessage
FillRect
DrawTextW
CreateWindowExW
CallWindowProcW
DrawIcon
DrawFrameControl
FindWindowA
SetRect
SetCursor
LoadCursorW
SetLayeredWindowAttributes
MoveWindow
AttachThreadInput
ClientToScreen
DrawTextA
OffsetRect
GetClassNameA
SetWindowTextW
InflateRect
GetMonitorInfoW
GetShellWindow
MonitorFromRect
EqualRect
FindWindowExW
SystemParametersInfoW
FindWindowExA
UnhookWindowsHookEx
WaitForInputIdle
CallNextHookEx
MapWindowPoints
GetFocus
GetMessagePos
SendInput
GetGUIThreadInfo
SetWindowsHookExW
MapVirtualKeyExW
CreateDesktopW
CharToOemBuffW
OemToCharA
CharToOemA
OemToCharBuffA
CharLowerW
CharUpperW
GetMessageW
PostThreadMessageW
LockWorkStation
DispatchMessageW
GetWindowLongW
wsprintfW
EnumWindows
GetDC
IsWindowVisible
EnumDisplayDevicesW
GetGuiResources
ReleaseDC
GetWindowDC
PtInRect
MessageBoxW
MessageBeep
GetAncestor
GetForegroundWindow
keybd_event
GetAsyncKeyState
GetKeyboardLayout
GetWindowTextW
SwitchToThisWindow
IsWindow
DestroyIcon
LoadImageA
LoadImageW
SetTimer
GetClientRect
SetWindowRgn
SetWindowPos
GetWindowRect
DestroyWindow
DefWindowProcW
CheckMenuItem
EnableWindow
IsIconic
InvalidateRect
GetWindowThreadProcessId
FindWindowW
GetDesktopWindow
SetForegroundWindow
TrackPopupMenu
AppendMenuW
EnableMenuItem
DestroyMenu
CreatePopupMenu
PostMessageW
GetSystemMetrics
UpdateWindow
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
KillTimer
ShowWindow
SetFocus
SendMessageW
SetWindowTextA
ScreenToClient
GetCursorPos
GetWindowTextA
GetMessageExtraInfo
SetMessageExtraInfo
UnhookWinEvent
SetWinEventHook
SetWindowLongW

gdi32

ExcludeClipRect
GetDeviceCaps
CreateDIBSection
DeleteDC
BitBlt
SetTextColor
SelectObject
CreateCompatibleDC
DeleteObject
CreateRoundRectRgn
SetBkMode
GetStockObject
CreateCompatibleBitmap
GetPixel
CreateSolidBrush
CreatePen
SetWorldTransform
SetDCPenColor
RoundRect
SetStretchBltMode
SetDCBrushColor
Rectangle
StretchBlt
SetGraphicsMode
PatBlt
SetPixel
IntersectClipRect
ExtTextOutW
SetBkColor
SelectClipRgn
MoveToEx
LineTo
CreateFontA
GetObjectW
SetBrushOrgEx
CombineRgn
CreateRectRgn

advapi32

SetEntriesInAclW
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegGetValueW
RegOpenKeyExW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
RegisterTraceGuidsW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
GetUserNameW
TraceMessage
DuplicateTokenEx
GetLengthSid
SetThreadToken
OpenProcessToken
ConvertStringSidToSidW
SetTokenInformation
GetTokenInformation
SetSecurityInfo
InitializeAcl
CheckTokenMembership
FreeSid
CreateWellKnownSid
AllocateAndInitializeSid
RegNotifyChangeKeyValue
OpenSCManagerA
CreateProcessAsUserW
GetFileSecurityW
SetNamedSecurityInfoW
BuildExplicitAccessWithNameW
GetAce
GetAclInformation
GetSecurityDescriptorDacl
ConvertSidToStringSidW
IsValidSid
RegOpenKeyW
RegEnumKeyExW
SetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW

gdiplus

GdiplusStartup
GdiplusShutdown
GdipGetImageHeight
GdipDrawImageRect
GdipDisposeImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipGetImageWidth
GdipLoadImageFromStream

ws2_32

getaddrinfo
WSAAddressToStringA
freeaddrinfo
closesocket
gethostbyname
inet_addr
send
socket
htons
connect

ole32

CreateStreamOnHGlobal

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 336KB - Virtual size: 335KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

da9dc3140f81bd80f7118480dbb8308c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

gdiplus

ws2_32

ole32

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 336KB - Virtual size: 335KB

.data Size: 22KB - Virtual size: 43KB

.rsrc Size: 3.5MB - Virtual size: 3.5MB

.reloc Size: 104KB - Virtual size: 103KB

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 336KB - Virtual size: 335KB

.data
Size: 22KB - Virtual size: 43KB

.rsrc
Size: 3.5MB - Virtual size: 3.5MB

.reloc
Size: 104KB - Virtual size: 103KB