zloader | 8b22b777f58ddd8a49841ccf4688ebb71007dec9[.]dll[.]exe

Resubmissions

21/01/2025, 16:48

250121-vbk4dstkas 10

08/11/2024, 14:40

241108-r1wdwatgrl 3

Sharing

Copy URL

Twitter E-mail

General

Target

8b22b777f58ddd8a49841ccf4688ebb71007dec9.dll.exe
Size

460KB
MD5

83b9c187fad8a8101c8d2393b33d25f6
SHA1

8b22b777f58ddd8a49841ccf4688ebb71007dec9
SHA256

2794a703aff5549a89834d0ef8ad4b97ce12e27fa37852dd2a504e5a0078b093
SHA512

1b6ac178260eae55402672f59cb662c15b5e9e9d14659328d68de24df08a503e7122562f37c1e3c8ced6297504f818eb275008cbc92e8d29067be92ba83e7a06
SSDEEP

6144:Xc+kUlZndUcgzpK8XOFGEvOcMlZjMR8x40A79uriJJUqy9RznJ/c:XzrJ2ckXkGEmcMl1sGmuzqynJ/c

Score

10^/10

penta2 1.1 zloader

Malware Config

Extracted

Family

zloader

Botnet

Penta2

Campaign

1.1

https://unitedcommunity.world/

Attributes

dns
https://fordns/corproot/

dns://ns1.brownswer.com

rsa_pubkey.plain

rc4.hex

Signatures

Zloader family
zloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8b22b777f58ddd8a49841ccf4688ebb71007dec9.dll.exe

Files

8b22b777f58ddd8a49841ccf4688ebb71007dec9.dll.exe
.dll regsvr32 windows:6 windows x64 arch:x64

c4f79cbcb5ca7cb336f74e191000f730

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

WriteProcessMemory
WaitForSingleObject
GetExitCodeProcess
VirtualAllocEx
CreateProcessA
HeapFree
SuspendThread
GetSystemWow64DirectoryW
Process32FirstW
GetProcessId
FlushInstructionCache
WaitForMultipleObjects
SetEndOfFile
ReadFile
VirtualQuery
CloseHandle
TerminateThread
GetFileTime
OpenThread
Process32NextW
GetStdHandle
SetLastError
CreateProcessW
HeapReAlloc
DeleteFileW
WriteConsoleW
Thread32First
PeekNamedPipe
CreateEventA
ResetEvent
CreateFileW
SetFilePointerEx
GetConsoleMode
SetThreadContext
GetCurrentProcessId
GetConsoleOutputCP
WriteFile
FlushFileBuffers
SetStdHandle
HeapSize
GetStringTypeW
GetFileType
GetProcessHeap
LCMapStringW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
InterlockedFlushSList
RaiseException
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetCurrentProcess
TerminateProcess
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW

advapi32

GetTokenInformation
CryptDestroyHash
CloseServiceHandle

ws2_32

closesocket
htons
ntohs
recvfrom
WSASetLastError

crypt32

CryptDecodeObjectEx

wininet

InternetCloseHandle
HttpQueryInfoA
InternetOpenA
InternetSetOptionA

gdiplus

GdipGetImageEncoders

ntdll

RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
RtlCaptureContext

Exports

Exports

CascXedxyfey
CxfjErwz
DllRegisterServer
EogcMvte
HchhFkmg
NoymopznTmcsun
NpugJatwkbux
PkerIwego
UcovvZikx

Sections

.text
Size: 350KB - Virtual size: 350KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

c4f79cbcb5ca7cb336f74e191000f730

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ws2_32

crypt32

wininet

gdiplus

ntdll

Exports

Exports

Sections

.text Size: 350KB - Virtual size: 350KB

.rdata Size: 72KB - Virtual size: 71KB

.data Size: 5KB - Virtual size: 27KB

.pdata Size: 27KB - Virtual size: 27KB

_RDATA Size: 512B - Virtual size: 244B

.reloc Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 350KB - Virtual size: 350KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 5KB - Virtual size: 27KB

.pdata
Size: 27KB - Virtual size: 27KB

_RDATA
Size: 512B - Virtual size: 244B

.reloc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB