Kuraue[.]rar | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Kuraue.rar
Size

40.3MB
MD5

9ec5a4281710cc926aa67831ae49a306
SHA1

69e975cbe5d712124741ecf4ef29fb18c92b5fa2
SHA256

523d9fe54d3b79872a41831a12eb1bdaec314fb3449c04460c256a822dbb8940
SHA512

8a5cbf32490e5989a384e183d784570c4e3c0fbd959da2df32cbf70273d2fe22d9897f42fcd373ac8a83f08e7ce4c053a0263366781b398c802ea1ff66bd2586
SSDEEP

786432:M7CrxpA1bYXNjo1i5l98F+BDDN1AEkg2Y1hibDzDA5cAV2ddvGj:M72GaNcM7988gg2Y1P5/yGj

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/Kuraue/047bc92d1dd3edd255f4eb31b42b1f1fbc9ce087096652c7c65fa4b14ba26d9e.exe.vir
unpack001/Kuraue/10d901f924e9009c88e2021c8ab55a029743a682df01de2f1fb4227afe8ceb82.exe.vir
unpack001/Kuraue/873782499615a3825a38623440408cc78ac6ab38d8e05379aa921b9185df4075.exe.vir

Files

Kuraue.rar
.rar
Kuraue/047bc92d1dd3edd255f4eb31b42b1f1fbc9ce087096652c7c65fa4b14ba26d9e.exe.vir
.exe windows:4 windows x86 arch:x86

a1c9325fdbdbea119ccff48e43226aa8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetStartupInfoA
GetCommandLineA
ExitProcess
HeapAlloc
HeapFree
RaiseException
TerminateProcess
HeapReAlloc
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
Sleep
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
InterlockedExchange
CreateFileA
GetCurrentProcess
SetErrorMode
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
GetProcessVersion
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
GlobalFlags
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
lstrcpynA
GetLastError
CloseHandle
GetModuleFileNameA
GlobalAlloc
lstrcmpA
GetCurrentThread
MulDiv
SetLastError
LoadLibraryA
FreeLibrary
GetVersion
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
GlobalLock
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
LocalFree
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
CreateDirectoryA
GetModuleHandleA
SetHandleCount
GetProcAddress

user32

PeekMessageA
GetSysColor
MapWindowPoints
SendDlgItemMessageA
PostMessageA
SetDlgItemTextA
IsDialogMessageA
SetWindowTextA
ShowWindow
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
GetMenuCheckMarkDimensions
ClientToScreen
GetDC
ReleaseDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
PostQuitMessage
SetCursor
GetCursorPos
ValidateRect
TranslateMessage
GetMessageA
DestroyMenu
GetClassNameA
PtInRect
LoadCursorA
GetSysColorBrush
DispatchMessageA
GetFocus
SetFocus
AdjustWindowRectEx
CopyRect
IsWindowVisible
GetTopWindow
MessageBoxA
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetKeyState
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetParent
GetWindowLongA
GetDlgItem
IsWindowEnabled
LoadStringA
LoadIconA
InvalidateRect
IsIconic
GetSystemMenu
SetMenu
InsertMenuA
AppendMenuA
CreatePopupMenu
CreateMenu
DrawIcon
UpdateWindow
GetClientRect
LoadBitmapA
GetSystemMetrics
SendMessageA
EnableWindow
GetClassLongA
UnregisterClassA

gdi32

SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
SetTextColor
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetClipBox
SetPixel
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
CreateBitmap
DeleteObject
GetObjectA
BitBlt
CreateCompatibleDC
SetBkColor

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

shell32

ShellExecuteA

comctl32

ord17

ws2_32

recv
closesocket
connect
htons
WSACleanup
socket
WSAStartup
inet_addr

Sections

.text
Size: 132KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25.9MB - Virtual size: 25.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Kuraue/10d901f924e9009c88e2021c8ab55a029743a682df01de2f1fb4227afe8ceb82.exe.vir
.exe windows:6 windows x86 arch:x86

7bfdea093352c499ff7fe3a6476f0da1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32First
VirtualProtect
GetModuleHandleA
CreateToolhelp32Snapshot
Sleep
CreateFileA
Process32Next
CloseHandle
K32GetModuleInformation
CreateFileMappingA
FreeLibrary
MapViewOfFile
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
WriteConsoleW
RtlUnwind
RaiseException
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
GetProcessHeap
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
HeapSize
HeapReAlloc
CreateFileW
DecodePointer

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 135KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Kuraue/873782499615a3825a38623440408cc78ac6ab38d8e05379aa921b9185df4075.exe.vir
.exe windows:6 windows x64 arch:x64

f0ea7b7844bbc5bfa9bb32efdcea957c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
TlsAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
PostQueuedCompletionStatus
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 714KB - Virtual size: 714KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 370KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a1c9325fdbdbea119ccff48e43226aa8

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

ws2_32

Sections

.text Size: 132KB - Virtual size: 129KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 16KB - Virtual size: 30KB

.rsrc Size: 25.9MB - Virtual size: 25.9MB

7bfdea093352c499ff7fe3a6476f0da1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 55KB - Virtual size: 54KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 6KB - Virtual size: 8KB

.rsrc Size: 135KB - Virtual size: 136KB

.reloc Size: 4KB - Virtual size: 3KB

f0ea7b7844bbc5bfa9bb32efdcea957c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 714KB - Virtual size: 714KB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 18KB - Virtual size: 370KB

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 13KB - Virtual size: 13KB

.symtab Size: 112KB - Virtual size: 111KB

.text
Size: 132KB - Virtual size: 129KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 16KB - Virtual size: 30KB

.rsrc
Size: 25.9MB - Virtual size: 25.9MB

.text
Size: 55KB - Virtual size: 54KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 6KB - Virtual size: 8KB

.rsrc
Size: 135KB - Virtual size: 136KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 714KB - Virtual size: 714KB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 18KB - Virtual size: 370KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 13KB - Virtual size: 13KB

.symtab
Size: 112KB - Virtual size: 111KB