Laplas - 08[.]12[.]2022 (FUD 3 of 71)[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Laplas - 08.12.2022 (FUD 3 of 71).zip
Size

643KB
MD5

5c2ed2918e16a5391a075cac5ea253f8
SHA1

65b69a1fbc7c7192ba16d3d82bbc5311b34ee6c6
SHA256

ff505670ae62fd1bfca0bf10d8cfb7874e3f5d5c823f5c8acf9e796cda5a1943
SHA512

f1a75b9246810613b1862c357d313ef1a681e60992a24d597380b5bcdb7e302918c3e74a7739428573e015cccf1672b789277169fee8f0db91c2f207f66189ec
SSDEEP

12288:w4LBZbIh5ct/eSQQt5bTy4fp+4IC1oT6YXGZzZ48WMPLJOP:w4LLbC5AJb+4fpjIsoTTXGZl4GLJOP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/setup.eexe

Files

Laplas - 08.12.2022 (FUD 3 of 71).zip
.zip

Password: infected
setup.eexe
.exe windows:6 windows x86 arch:x86

28b10c057e28f940e4becc8b85714d60

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Z:\Documents\projects\ng\third_party\aup_win\out\bin\pt_update_service.pdb

Imports

winhttp

WinHttpSetStatusCallback
WinHttpConnect
WinHttpCrackUrl
WinHttpQueryDataAvailable
WinHttpCloseHandle
WinHttpSendRequest
WinHttpSetOption
WinHttpOpenRequest
WinHttpReceiveResponse
WinHttpOpen
WinHttpQueryHeaders
WinHttpReadData

ws2_32

WSAStartup
inet_ntoa

kernel32

ReleaseMutex
DuplicateHandle
Sleep
OpenMutexA
CloseHandle
LocalFree
FormatMessageA
HeapFree
ReleaseSemaphore
WaitForMultipleObjectsEx
FormatMessageW
SetEvent
GetProcAddress
HeapAlloc
GetProcessHeap
WideCharToMultiByte
CreateSemaphoreA
CreateEventA
WriteFile
CreateFileA
WaitForSingleObject
CopyFileW
MultiByteToWideChar
GetCurrentThreadId
GetSystemTimeAsFileTime
GetVersionExA
lstrcmpiA
CreateThread
TerminateThread
GetModuleFileNameA
lstrlenA
LoadLibraryA
GetTickCount
WriteConsoleW
HeapSize
SwitchToThread
GetLastError
GetModuleHandleA
UnmapViewOfFile
GetSystemInfo
GlobalMemoryStatus
FlushConsoleInputBuffer
CreateMutexA
GetCurrentProcess
MapViewOfFileEx
OpenFileMappingA
DeleteFileW
CreateFileMappingA
GetConsoleCP
SetConsoleMode
ReadConsoleInputW
WaitForSingleObjectEx
TlsAlloc
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetLocaleInfoEx
GetStringTypeW
CompareStringEx
GetCPInfo
QueryPerformanceCounter
QueryPerformanceFrequency
ResetEvent
OpenEventA
SetWaitableTimer
GetCurrentProcessId
ResumeThread
TlsGetValue
TlsSetValue
TlsFree
CreateWaitableTimerA
GetModuleHandleW
CreateDirectoryW
CreateFileW
FindClose
FindNextFileW
GetFileAttributesW
GetFullPathNameW
SetEndOfFile
SetFilePointerEx
DeviceIoControl
AreFileApisANSI
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
CreateEventW
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
RaiseException
SetLastError
FreeLibrary
LoadLibraryExW
ReadFile
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetStdHandle
GetCommandLineA
GetCommandLineW
GetFileType
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileSizeEx
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadConsoleW
GetTimeZoneInformation
HeapReAlloc
SetConsoleCtrlHandler
FindFirstFileExW
IsValidCodePage

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
wsprintfA
GetSystemMetrics

advapi32

StartServiceA
StartServiceCtrlDispatcherA
SetServiceStatus
RegisterServiceCtrlHandlerA
OpenServiceA
ReportEventA
RegisterEventSourceA
DeregisterEventSource
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
ChangeServiceConfigA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

SHGetFolderPathW
ShellExecuteW

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 856KB - Virtual size: 856KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 239KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

28b10c057e28f940e4becc8b85714d60

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winhttp

ws2_32

kernel32

user32

advapi32

shell32

ole32

Sections

.text Size: 856KB - Virtual size: 856KB

.rdata Size: 239KB - Virtual size: 239KB

.data Size: 18KB - Virtual size: 29KB

.rsrc Size: 1024B - Virtual size: 640B

.reloc Size: 40KB - Virtual size: 39KB

.text
Size: 856KB - Virtual size: 856KB

.rdata
Size: 239KB - Virtual size: 239KB

.data
Size: 18KB - Virtual size: 29KB

.rsrc
Size: 1024B - Virtual size: 640B

.reloc
Size: 40KB - Virtual size: 39KB