InfinityNikki[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

InfinityNikki.zip
Size

308KB
MD5

1b2c244217c790630f0279cdbdfabd76
SHA1

0f041152d404add6f823cecca6ee881df1eb188e
SHA256

13e670c886fb6c001da708b00402e515ffb9465f06ae5b58a2b6fd9ae53aeef0
SHA512

b9ad87cffef69ea8e246f7bc6bb66fc0f9b9c08e5cea724064d891382db51c58069b8dc459a2ff0a032cee9686e8722eb7648e37cafc23c1697b740139927509
SSDEEP

6144:PfjzAexF4Feg/NxeuwhKSuxMNq1KwN7h5KB3TArIWt2zkxMZ:Pr0eDOjJCKsNFcOntzkxc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/GF.DATA

Files

InfinityNikki.zip
.zip
GF.DATA
.dll windows:6 windows x64 arch:x64

fa371e8809f1371b907a38a239662ad7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

ReadConsoleA
Sleep
CreateThread
WaitForSingleObject
TerminateThread
CloseHandle
GetPrivateProfileStringA
WritePrivateProfileStringA
MultiByteToWideChar
GetLastError
ReadFile
CreatePipe
EnterCriticalSection
LeaveCriticalSection
GetExitCodeProcess
CreateProcessW
CreateFileW
GetVolumeInformationA
DeviceIoControl
InitializeCriticalSection
GetStartupInfoW
FreeLibrary
GetProcAddress
LoadLibraryW
MoveFileA
WriteFile
GetModuleHandleA
GetTempPathA
GetFileAttributesA
CreateFileA
DeleteFileA
GetFileSize
RemoveDirectoryA
WideCharToMultiByte
CreateDirectoryA
WriteConsoleW
WriteConsoleA
HeapSize
GetStringTypeW
SetStdHandle
FlushFileBuffers
SetConsoleTextAttribute
FreeConsole
SetConsoleCtrlHandler
GetStdHandle
SetConsoleTitleA
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFileAttributesExW
GetConsoleOutputCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
HeapReAlloc
GetTimeZoneInformation
GetFileType
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapFree
HeapAlloc
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
SetEndOfFile
AllocConsole
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
SetLastError
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW

user32

GetWindowThreadProcessId
FindWindowA

advapi32

RegDeleteKeyA
RegCreateKeyA
RegCloseKey
RegSetValueExA

shell32

SHGetFolderPathA

winhttp

WinHttpConnect
WinHttpOpen
WinHttpSetTimeouts
WinHttpSetOption
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpOpenRequest
WinHttpCloseHandle

wininet

InternetReadFile
HttpQueryInfoA
InternetOpenUrlA
InternetOpenUrlW
InternetOpenA
InternetCloseHandle

ws2_32

closesocket
connect
htons
inet_addr
inet_ntoa
recv
send
socket
gethostbyname
WSAStartup

iphlpapi

GetAdaptersInfo

Exports

Exports

Win10
cJSON_AddArrayToObject
cJSON_AddBoolToObject
cJSON_AddFalseToObject
cJSON_AddItemReferenceToArray
cJSON_AddItemReferenceToObject
cJSON_AddItemToArray
cJSON_AddItemToObject
cJSON_AddItemToObjectCS
cJSON_AddNullToObject
cJSON_AddNumberToObject
cJSON_AddObjectToObject
cJSON_AddRawToObject
cJSON_AddStringToObject
cJSON_AddTrueToObject
cJSON_Compare
cJSON_CreateArray
cJSON_CreateArrayReference
cJSON_CreateBool
cJSON_CreateDoubleArray
cJSON_CreateFalse
cJSON_CreateFloatArray
cJSON_CreateIntArray
cJSON_CreateNull
cJSON_CreateNumber
cJSON_CreateObject
cJSON_CreateObjectReference
cJSON_CreateRaw
cJSON_CreateString
cJSON_CreateStringArray
cJSON_CreateStringReference
cJSON_CreateTrue
cJSON_Delete
cJSON_DeleteItemFromArray
cJSON_DeleteItemFromObject
cJSON_DeleteItemFromObjectCaseSensitive
cJSON_DetachItemFromArray
cJSON_DetachItemFromObject
cJSON_DetachItemFromObjectCaseSensitive
cJSON_DetachItemViaPointer
cJSON_Duplicate
cJSON_GetArrayItem
cJSON_GetArraySize
cJSON_GetErrorPtr
cJSON_GetNumberValue
cJSON_GetObjectItem
cJSON_GetObjectItemCaseSensitive
cJSON_GetStringValue
cJSON_HasObjectItem
cJSON_InitHooks
cJSON_InsertItemInArray
cJSON_IsArray
cJSON_IsBool
cJSON_IsFalse
cJSON_IsInvalid
cJSON_IsNull
cJSON_IsNumber
cJSON_IsObject
cJSON_IsRaw
cJSON_IsString
cJSON_IsTrue
cJSON_Minify
cJSON_Parse
cJSON_ParseWithLength
cJSON_ParseWithLengthOpts
cJSON_ParseWithOpts
cJSON_Print
cJSON_PrintBuffered
cJSON_PrintPreallocated
cJSON_PrintUnformatted
cJSON_ReplaceItemInArray
cJSON_ReplaceItemInObject
cJSON_ReplaceItemInObjectCaseSensitive
cJSON_ReplaceItemViaPointer
cJSON_SetNumberHelper
cJSON_SetValuestring
cJSON_Version
cJSON_free
cJSON_malloc

Sections

.text
Size: 489KB - Virtual size: 489KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 59KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
run me as admin.bat

Sharing

General

Malware Config

Signatures

Files

fa371e8809f1371b907a38a239662ad7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

winhttp

wininet

ws2_32

iphlpapi

Exports

Exports

Sections

.text Size: 489KB - Virtual size: 489KB

.rdata Size: 80KB - Virtual size: 79KB

.data Size: 59KB - Virtual size: 85KB

.pdata Size: 14KB - Virtual size: 14KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 489KB - Virtual size: 489KB

.rdata
Size: 80KB - Virtual size: 79KB

.data
Size: 59KB - Virtual size: 85KB

.pdata
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 16KB - Virtual size: 15KB