mirage (extract[.]me)[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

mirage (extract.me).zip
Size

7.8MB
MD5

7af1f13d0ff2a634c8758bb82c84d7f3
SHA1

9cdb27b3ba89b2fa0ece6b37ffdeaec1ec470de2
SHA256

6c58ee32b850b99c4aefb0eb18797b0e14d3c380e03c686bd82865a42fbd39c0
SHA512

ef87bbb48cca9d604236ec52eaae2969af4439651ff43886c2c4c11410e364ea751d8744fcbc13d6714105e516dddc68fd64817bf4775eeacdf004bf26f72f8e
SSDEEP

98304:1RnZs7Axneqj5Ie8p/uWSMs8EJDSJgn66jd8q/80Zt2IHjG5phrNYj2VJkAAvhhA:G75iI/p/u2s8E4eTj80ZJjwNfJkfvTI

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Sentinal.dll
unpack001/mirage.exe

Files

mirage (extract.me).zip
.zip
Sentinal.dll
.dll windows:6 windows x64 arch:x64

826ef16799ff27bb9b68f910d876b3b2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ws2_32

getaddrinfo

wldap32

ord41

crypt32

CertFreeCertificateContext

advapi32

ReportEventW
RegCloseKey

kernel32

WideCharToMultiByte
GetModuleHandleA

user32

MessageBoxA
DefWindowProcW

shell32

ShellExecuteA
SHGetDiskFreeSpaceA

shlwapi

PathFindFileNameA

userenv

UnloadUserProfile

rpcrt4

RpcStringFreeA

bcrypt

BCryptGenRandom

imagehlp

ImageNtHeader

wintrust

WinVerifyTrust

Exports

Exports

s_activate
s_filestream
s_get_expiry
s_get_level
s_get_response
s_get_username
s_init
s_log
s_login
s_registr
s_token
s_var

Sections

.rsrc
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 772KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pdata
Size: - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
mirage.exe
.exe windows:6 windows x64 arch:x64

aca67546fc8f9b2f7da6568046e9fcd4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LoadLibraryA
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

TranslateMessage

gdi32

CreateSolidBrush

advapi32

RegSetKeyValueW

shell32

SHGetFolderPathW

sentinal

s_token

msvcp140

?widen@?$ctype@_W@std@@QEBA_WD@Z

d3d11

D3D11CreateDeviceAndSwapChain

ntdll

RtlInitUnicodeString

imm32

ImmGetContext

d3dcompiler_47

D3DCompile

dwmapi

DwmExtendFrameIntoClientArea

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memset

api-ms-win-crt-heap-l1-1-0

_set_new_mode

api-ms-win-crt-runtime-l1-1-0

__p___argv

api-ms-win-crt-math-l1-1-0

floorf

api-ms-win-crt-stdio-l1-1-0

fputc

api-ms-win-crt-filesystem-l1-1-0

_unlock_file

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-time-l1-1-0

_localtime64

api-ms-win-crt-utility-l1-1-0

srand

api-ms-win-crt-string-l1-1-0

strcmp

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: - Virtual size: 488KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.BhZ
Size: - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.FmH
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.1y@
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

826ef16799ff27bb9b68f910d876b3b2

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wldap32

crypt32

advapi32

kernel32

user32

shell32

shlwapi

userenv

rpcrt4

bcrypt

imagehlp

wintrust

Exports

Exports

Sections

.rsrc Size: - Virtual size: 2.3MB

.rdata Size: - Virtual size: 772KB

.reloc Size: - Virtual size: 64KB

.reloc Size: - Virtual size: 104KB

.reloc Size: 30KB - Virtual size: 32KB

.pdata Size: - Virtual size: 6.4MB

.pdata Size: 114KB - Virtual size: 114KB

aca67546fc8f9b2f7da6568046e9fcd4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

sentinal

msvcp140

d3d11

ntdll

imm32

d3dcompiler_47

dwmapi

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: - Virtual size: 488KB

.rdata Size: - Virtual size: 122KB

.data Size: - Virtual size: 14KB

.pdata Size: - Virtual size: 18KB

.BhZ Size: - Virtual size: 2.5MB

.FmH Size: 4KB - Virtual size: 4KB

.1y@ Size: 4.0MB - Virtual size: 4.0MB

.rsrc Size: 512B - Virtual size: 480B

.rsrc
Size: - Virtual size: 2.3MB

.rdata
Size: - Virtual size: 772KB

.reloc
Size: - Virtual size: 64KB

.reloc
Size: - Virtual size: 104KB

.reloc
Size: 30KB - Virtual size: 32KB

.pdata
Size: - Virtual size: 6.4MB

.pdata
Size: 114KB - Virtual size: 114KB

.text
Size: - Virtual size: 488KB

.rdata
Size: - Virtual size: 122KB

.data
Size: - Virtual size: 14KB

.pdata
Size: - Virtual size: 18KB

.BhZ
Size: - Virtual size: 2.5MB

.FmH
Size: 4KB - Virtual size: 4KB

.1y@
Size: 4.0MB - Virtual size: 4.0MB

.rsrc
Size: 512B - Virtual size: 480B