dzip30[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dzip30.zip
Size

173KB
MD5

098eaf8dd4df5b7bf58b827d2748c7a5
SHA1

0a33f1f9af8fa197918ee75ddcba07db9da5114f
SHA256

3f3ba3af1c7b30157b1bf786cde959617c3776fd09f37959c8f00e9faa09a9de
SHA512

65a4d77e52a1ecd10d14b97ed60bb4705e8bfd288fb0d0f24fb42642b6a0136d96d7d07a79d5c327e7896fb11693f5d7d2fe19a3d40f8557a9dee26f6d2a1df7
SSDEEP

3072:H43C837E3QLIx/zJwkQib4Q12IgxCy3E6UFV9hR2l7jjQc74eUo9o9q93mr4m:Y3C837i3xqa12VCZ6U/9HbeJ9Aq93g

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/DzipGui.exe
unpack001/DzipShlx.dll
unpack001/dzip.exe
unpack001/dzip_dz.dll
unpack001/dzip_pak.dll

Files

dzip30.zip
.zip
DzipGui.exe
.exe windows:6 windows x86 arch:x86

1aa1ef17a72f60f74cfd50ab7766dae9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

CreateToolbarEx
ImageList_Add
ord6
ImageList_GetIcon
ImageList_AddMasked
ImageList_Destroy
ImageList_Create
ord17

kernel32

FreeLibrary
GetModuleFileNameA
GetProcAddress
LoadLibraryA
LocalFileTimeToFileTime
SetFileTime
WriteFile
GetTempPathA
Sleep
GlobalAlloc
GetFileSize
SetEndOfFile
MoveFileA
GetModuleHandleA
CompareStringA
GetNumberFormatA
GetCurrentThreadId
RemoveDirectoryA
TerminateThread
GetVersion
GetWindowsDirectoryA
GetShortPathNameA
MoveFileExA
LoadResource
FindResourceA
SetUnhandledExceptionFilter
SetErrorMode
SuspendThread
ResumeThread
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetLocaleInfoA
GetTimeFormatA
GetDateFormatA
FileTimeToSystemTime
FormatMessageA
DosDateTimeToFileTime
LocalFree
GetLastError
GetFileAttributesA
CreateDirectoryA
LCMapStringA
FileTimeToDosDateTime
CloseHandle
DeleteFileA
SetFilePointer
ReadFile
GetFullPathNameA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
CreateFileA
GetCurrentDirectoryA
SetCurrentDirectoryA
CreateThread
GetModuleHandleW

user32

SystemParametersInfoA
AttachThreadInput
RegisterClipboardFormatA
GetWindowTextA
SetTimer
KillTimer
PeekMessageA
PostMessageA
MsgWaitForMultipleObjects
GetMenuState
DestroyMenu
TrackPopupMenuEx
GetCaretPos
DestroyIcon
RegisterClassA
CreateAcceleratorTableA
DestroyAcceleratorTable
LoadBitmapA
TranslateMessage
DispatchMessageA
DefWindowProcA
TranslateAcceleratorA
SetCursor
LoadCursorA
FillRect
SetMenu
LoadImageA
GetClientRect
InvalidateRgn
CheckMenuItem
DestroyWindow
CreateWindowExA
LoadStringA
EnableWindow
IsDlgButtonChecked
CheckDlgButton
SetDlgItemTextA
GetSysColor
DrawStateA
DrawTextA
SetMenuItemInfoA
DeleteMenu
AppendMenuA
GetMenuItemCount
EnableMenuItem
CreatePopupMenu
GetMessageA
CreateMenu
SendMessageA
CallWindowProcA
SetForegroundWindow
SetWindowLongA
LoadIconA
EnumWindows
GetClassWord
MessageBeep
MessageBoxA
GetWindowRect
SetWindowTextA
ReleaseDC
GetDC
SendDlgItemMessageA
GetDlgItemTextA
GetDlgItem
EndDialog
GetParent
ShowWindow
MoveWindow
GetWindowPlacement
DialogBoxParamA
SetFocus

gdi32

StretchDIBits
CreateCompatibleBitmap
SetTextColor
SetBkColor
SelectObject
CreateFontIndirectA
GetTextExtentPoint32A
DeleteObject
CreateFontA
CreateCompatibleDC
GetDeviceCaps

shell32

SHGetSpecialFolderLocation
DragAcceptFiles
SHGetFileInfoA
SHChangeNotify
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
DragFinish
DragQueryFileA
ShellExecuteA

ole32

OleInitialize
OleUninitialize
DoDragDrop

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

RegEnumKeyExA
RegCreateKeyExA
RegOpenKeyA
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegOpenKeyExA

vcruntime140

_except_handler4_common
__current_exception_context
__current_exception
strchr
strstr
memset
memcpy
strrchr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__stdio_common_vsscanf
__stdio_common_vsprintf
__p__commode

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free
realloc
malloc

api-ms-win-crt-string-l1-1-0

_strnicmp
_stricmp
strpbrk
_strdup

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-runtime-l1-1-0

_exit
_initterm_e
_cexit
_c_exit
_get_narrow_winmain_command_line
_initialize_narrow_environment
_set_app_type
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_initterm
_controlfp_s
terminate
_configure_narrow_argv
_seh_filter_exe
exit
_register_thread_local_exe_atexit_callback

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DzipGui.txt
DzipShlx.dll
.dll windows:6 windows x86 arch:x86

b11fcf0a79dea3cbb8c54d20ed289d5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

api-ms-win-crt-string-l1-1-0

_stricmp
_strdup
strncpy

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
realloc
free

vcruntime140

_CxxThrowException
strrchr
__std_exception_destroy
__std_exception_copy

kernel32

SetUnhandledExceptionFilter
GetCurrentProcess
FindClose
FindFirstFileA
TerminateProcess
CreateProcessA
FreeLibrary
GetModuleFileNameA
GetProcAddress
LoadLibraryA
GlobalFree
lstrlenA
lstrlenW
UnhandledExceptionFilter
FindNextFileA
IsProcessorFeaturePresent

user32

wsprintfA
InsertMenuA
LoadBitmapA
SetMenuItemBitmaps

gdi32

DeleteObject

shell32

DragQueryFileA
SHGetPathFromIDListA

advapi32

RegQueryValueExA
RegOpenKeyA
RegCloseKey

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dzip.exe
.exe windows:6 windows x86 arch:x86

50def8447d51f9bf102426b0278d5197

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FileTimeToLocalFileTime
FindClose
FindFirstFileA
FindNextFileA
SetEndOfFile
FileTimeToDosDateTime
CreateDirectoryA
CreateFileA
LocalFileTimeToFileTime
SetFileTime
CloseHandle
DosDateTimeToFileTime
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW

vcruntime140

__current_exception
memcpy
memmove
memset
strchr
_except_handler4_common
__current_exception_context

api-ms-win-crt-stdio-l1-1-0

fread
fseek
ftell
fopen
fclose
fwrite
__stdio_common_vsprintf
__p__commode
_get_osfhandle
fflush
__acrt_iob_func
__stdio_common_vfprintf
_set_fmode
_fileno

api-ms-win-crt-heap-l1-1-0

malloc
calloc
free
realloc
_set_new_mode

api-ms-win-crt-filesystem-l1-1-0

remove

api-ms-win-crt-runtime-l1-1-0

_errno
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
_set_app_type
exit
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
strerror
_exit
_seh_filter_exe
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_controlfp_s
terminate
_configure_narrow_argv

api-ms-win-crt-string-l1-1-0

strncpy
strpbrk
_stricmp
_strdup

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dzip.txt
dzip_dz.dll
.dll windows:6 windows x86 arch:x86

d16fe2ae546c4a1bd11461b15ea8d6b7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func

api-ms-win-crt-string-l1-1-0

memset
_stricmp

vcruntime140

memcpy
memmove
strchr

kernel32

IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter

Exports

Exports

GetDllFuncs
GetExtensions

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dzip_pak.dll
.dll windows:6 windows x86 arch:x86

25985f28f0480b3db4343b8fd2834215

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-string-l1-1-0

memset

Exports

Exports

GetDllFuncs
GetExtensions

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1aa1ef17a72f60f74cfd50ab7766dae9

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

shell32

ole32

comdlg32

advapi32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 79KB - Virtual size: 78KB

.rdata Size: 27KB - Virtual size: 27KB

.data Size: 512B - Virtual size: 6KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 6KB - Virtual size: 6KB

b11fcf0a79dea3cbb8c54d20ed289d5b

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

vcruntime140

kernel32

user32

gdi32

shell32

advapi32

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 800B

50def8447d51f9bf102426b0278d5197

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 63KB - Virtual size: 62KB

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 512B - Virtual size: 5.0MB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 4KB - Virtual size: 3KB

d16fe2ae546c4a1bd11461b15ea8d6b7

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-crt-heap-l1-1-0

.text
Size: 79KB - Virtual size: 78KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 512B - Virtual size: 6KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 6KB - Virtual size: 6KB

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 800B

.text
Size: 63KB - Virtual size: 62KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 512B - Virtual size: 5.0MB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 5.0MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: - Virtual size: 176B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 284B