darkvision[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

darkvision.zip
Size

1.5MB
MD5

7ebbc15bcd7ffb54e10ef95d37f91466
SHA1

983f759873248e1cc149dde05272f27cecee7d8d
SHA256

2ef00351268aea7fb093b96a3ed32cbf1128aff405d38c12114ca6e3768b24f3
SHA512

d87dcf90fc7497e139cfb69374e6eb42f022cdc0bc2f575540e6d4782562b056501609b6409587468b4433a488d004639c5e123634f3c3ace5e71e393cdda2e8
SSDEEP

49152:kNu3AfUgDQMWxzqXSLGvYDmw1H7LYEPA2KuwyA:V6nWxzqScY5BLYEPA2KuwT

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/6dc5fcbd3d05cb11dc4731aea996c7cbc213253c4d4b119799c5ddedebe537fb
unpack001/9a29cb7a67e1b38987ba886b673cda3f3c67b75e31ab92710d2cabae66881cee

Files

darkvision.zip
.zip
6dc5fcbd3d05cb11dc4731aea996c7cbc213253c4d4b119799c5ddedebe537fb
.exe windows:6 windows x64 arch:x64

c2d457ad8ac36fc9f18d45bffcd450c2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

WriteFile
WriteConsoleW
WerSetFlags
WerGetFlags
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
TlsAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
RtlVirtualUnwind
RtlLookupFunctionEntry
ResumeThread
RaiseFailFastException
PostQueuedCompletionStatus
LoadLibraryW
LoadLibraryExW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetErrorMode
GetEnvironmentStringsW
GetCurrentThreadId
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler
AddVectoredContinueHandler

Sections

.text
Size: 788KB - Virtual size: 787KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 102KB - Virtual size: 654KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
9a29cb7a67e1b38987ba886b673cda3f3c67b75e31ab92710d2cabae66881cee
.exe windows:5 windows x86 arch:x86

9e0f474595b57e4ee425966931438737

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenMutexW
GetLastError
OpenEventW
Wow64DisableWow64FsRedirection
ExitProcess
CreateThread
LocalFree
lstrcpyW
GetProcessHeap
IsWow64Process
GetCurrentProcess
GetProcAddress
GetModuleHandleW
lstrlenW
InterlockedDecrement
GetSystemDirectoryW
GetWindowsDirectoryW
GetModuleFileNameW
lstrcmpiW
LocalAlloc
lstrcpyA
CloseHandle
LoadLibraryW
DeleteFileW
WriteFile
CreateFileW
CreateDirectoryW
Sleep
GetCommandLineW
VirtualFree
LoadLibraryA
VirtualAlloc
RemoveDirectoryW
WaitForSingleObject
ReadFile
GetFileSize
CreateEventW
SetEvent
ResumeThread
CreateMutexW
lstrlenA
WaitForMultipleObjects
ReleaseMutex
GetModuleHandleA
TerminateThread
GetExitCodeThread
GetNativeSystemInfo
FindClose
FindNextFileW
lstrcmpW
FindFirstFileW
VirtualProtect
GetTickCount
GetComputerNameExW
GetUserGeoID
GetCurrentProcessId
GetFileAttributesExW
HeapReAlloc
WriteConsoleW
SetStdHandle
HeapSize
GetStringTypeW
LCMapStringW
FlushFileBuffers
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
QueryPerformanceCounter
DeleteCriticalSection
GetFileType
InitializeCriticalSectionAndSpinCount
HeapAlloc
HeapFree
RtlUnwind
RaiseException
GetCommandLineA
HeapSetInformation
GetStartupInfoW
IsProcessorFeaturePresent
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
GetCPInfo
InterlockedIncrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetStdHandle
HeapCreate
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount

user32

wsprintfW
GetAsyncKeyState
wsprintfA
GetForegroundWindow
SetWindowTextW
MessageBoxW
DefWindowProcW
RegisterClassW
GetMessageW
TranslateMessage
DispatchMessageW
DestroyWindow
UnregisterClassW
PostMessageW
CreateWindowExW

ole32

CoCreateInstance

oleaut32

VariantClear
VariantInit
SysFreeString
SysAllocString

Exports

Exports

GetModuleHandle64
GetProcAddress64
GetThreadContext64
ReadProcessMemory64
SetLastErrorFromX64Call
SetThreadContext64
VirtualAllocEx64
VirtualFreeEx64
VirtualProtectEx64
VirtualQueryEx64
WriteProcessMemory64
X64Call

Sections

.text
Size: 190KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 313KB - Virtual size: 330KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c2d457ad8ac36fc9f18d45bffcd450c2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 788KB - Virtual size: 787KB

.rdata Size: 1.5MB - Virtual size: 1.5MB

.data Size: 102KB - Virtual size: 654KB

.pdata Size: 20KB - Virtual size: 19KB

.xdata Size: 512B - Virtual size: 180B

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 17KB - Virtual size: 17KB

.symtab Size: 512B - Virtual size: 4B

9e0f474595b57e4ee425966931438737

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 190KB - Virtual size: 190KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 313KB - Virtual size: 330KB

.rsrc Size: 1024B - Virtual size: 752B

.reloc Size: 15KB - Virtual size: 15KB

.text
Size: 788KB - Virtual size: 787KB

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 102KB - Virtual size: 654KB

.pdata
Size: 20KB - Virtual size: 19KB

.xdata
Size: 512B - Virtual size: 180B

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 17KB - Virtual size: 17KB

.symtab
Size: 512B - Virtual size: 4B

.text
Size: 190KB - Virtual size: 190KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 313KB - Virtual size: 330KB

.rsrc
Size: 1024B - Virtual size: 752B

.reloc
Size: 15KB - Virtual size: 15KB