zloader | 97179aa99e2c4d95d226268057774f5431b0763497b7000fe683c91a70a61071[.]zip

General

Target

97179aa99e2c4d95d226268057774f5431b0763497b7000fe683c91a70a61071.zip
Size

84KB
MD5

5e3f02ce971c8baf7875b0d42b4dcd97
SHA1

94886339ad07327bef84afabc611e88f66d09ed3
SHA256

d7b42514361773a561be25edf6c89f444f1f5bd2bb1462151e6490c94fa38581
SHA512

c55c189ec943ec5c38013aab8c76603e2f502dced9cc035500d6beb64513cf95825ed07e5840b467a9103545a1c6ffb5d74f0e6bbc02c5388089e8e99f3a6ba0
SSDEEP

1536:XZRbLDm59w6rrwLZNMzdeMNj2G8+iHPrcF0OA2hmMSOHn2/thfHHAAfaOLt4dwmG:p6HrwLZNywn5VPwMbOW1h/Mw46TNr

Score

10^/10

r1 r1 zloader

Malware Config

Extracted

Family

zloader

Botnet

r1

Campaign

r1

C2

https://notsweets.net/LKhwojehDgwegSDG/gateJKjdsh.php

https://olpons.com/LKhwojehDgwegSDG/gateJKjdsh.php

https://karamelliar.org/LKhwojehDgwegSDG/gateJKjdsh.php

https://dogrunn.com/LKhwojehDgwegSDG/gateJKjdsh.php

https://azoraz.net/LKhwojehDgwegSDG/gateJKjdsh.php

Attributes

build_id
125

rc4.plain

rsa_pubkey.plain

Signatures

Zloader family
zloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/97179aa99e2c4d95d226268057774f5431b0763497b7000fe683c91a70a61071.exe

Files

97179aa99e2c4d95d226268057774f5431b0763497b7000fe683c91a70a61071.zip
.zip

Password: infected
97179aa99e2c4d95d226268057774f5431b0763497b7000fe683c91a70a61071.exe
.exe windows:5 windows x86 arch:x86

a97eebc79fae88ef9e13f637e5ecd081

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateEventW
CreateFileW
DeleteFileW
EnterCriticalSection
ExitThread
GetCommandLineW
GetFileAttributesW
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetTempPathW
HeapAlloc
HeapFree
InitializeCriticalSection
LeaveCriticalSection
ReadFile
ResetEvent
SetEvent
VirtualFree
WaitForSingleObject
WriteFile
lstrcmpW
lstrcmpiW
lstrlenW

user32

AppendMenuW
ClientToScreen
CopyRect
CreateWindowExW
DefWindowProcW
DestroyIcon
DispatchMessageW
DrawTextW
EnableMenuItem
EnableWindow
FillRect
GetClassNameW
GetFocus
GetMessageA
GetParent
GetSysColor
GetSysColorBrush
GetSystemMetrics
GetWindowLongW
InflateRect
InsertMenuItemW
IsIconic
LoadCursorW
LoadImageW
MapWindowPoints
MessageBoxW
MoveWindow
RedrawWindow
ReleaseCapture
ScreenToClient
SetCapture
SetDlgItemInt
SetPropW
SetTimer
SetWindowPos
ShowWindow
TranslateMessage

gdi32

CreateSolidBrush
EqualRgn
ExtCreatePen
GetObjectA
GetRgnBox

Sections

.text
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

a97eebc79fae88ef9e13f637e5ecd081

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Sections

.text Size: 129KB - Virtual size: 129KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 10KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 129KB - Virtual size: 129KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 10KB

.reloc
Size: 4KB - Virtual size: 3KB