zloader | 20351248985[.]zip

Resubmissions

21-01-2025 16:49

250121-vbshgatncp 10

13-12-2024 20:33

241213-zbzzrszmgq 3

13-12-2024 20:30

241213-y95r8sykbv 3

Sharing

Copy URL

Twitter E-mail

General

Target

20351248985.zip
Size

245KB
MD5

4f9691a6f873256d27688321423c2f40
SHA1

ed20304b0b1b051e78ee8ae38181dee3fe0c2c7a
SHA256

d970b9e75ae60030bc4a0d3272bc38a378db01d329ecbbcab56d4b78f7d843ad
SHA512

4aaf2440765c2ef4a1ccd9d3f98f9d25bfb7ff452ce2dc015bccddd97d76516e2ed58a2a26b39fbd8a7e0a386b5e590bf56d05486d4e0c79d815f27d602f2d33
SSDEEP

6144:f/m2sBRZBw4zwttIFMSh0ZsfHs/4p2g082YynPJacUY1n:f/LQRrpWk1h0Kf882YoRa4n

Score

10^/10

penta1 1.1 zloader

Malware Config

Extracted

Family

zloader

Botnet

Penta1

Campaign

1.1

https://bigdealcenter.world/

Attributes

dns
https://fordns/corproot/

dns://ns1.brownswer.com

rsa_pubkey.plain

rc4.hex

Signatures

Zloader family
zloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/d212042504f851253347754c3d3624628e7ebf7c0bbd8160220bf6edcff24f16

Files

20351248985.zip
.zip

Password: infected
d212042504f851253347754c3d3624628e7ebf7c0bbd8160220bf6edcff24f16
.dll regsvr32 windows:6 windows x64 arch:x64

Password: infected

1417cee5b61a726686e7e65420eb802d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ntdll

memcpy
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
RtlPcToFileHeader
memmove
__chkstk
RtlInitUnicodeString
memset

kernel32

GetConsoleOutputCP
GetTickCount64
ExitProcess
GetProcessHeap
VirtualProtect
ReadFile
CloseHandle
GetStdHandle
LeaveCriticalSection
WaitForSingleObject
HeapFree
GetConsoleMode
GetLastError
SetFileAttributesW
SetEvent
GetThreadContext
SetLastError
FlushFileBuffers
CreateFileW
VirtualAlloc
WriteFile
SetStdHandle
HeapReAlloc
SetFilePointerEx
LocalFree
IsDebuggerPresent
HeapSize
GetStringTypeW
GetFileType
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
WriteConsoleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
InterlockedFlushSList
RaiseException
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetCurrentProcess
TerminateProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW

user32

ReleaseDC

advapi32

CloseServiceHandle
GetTokenInformation
RegCreateKeyExW
CryptReleaseContext
RegQueryValueExW

shlwapi

PathFindFileNameW
PathAddExtensionW

ws2_32

htons
WSAGetLastError
inet_addr
WSAIoctl

ole32

CoInitializeEx

gdiplus

GdipSaveImageToStream

Exports

Exports

DllRegisterServer
Hveuiwfvjx
Kcqzld
Mzmfna
Phejqifk
Pzxbqaycrb
Shrcti
Vitowj
Wuwsxv

Sections

.text
Size: 417KB - Virtual size: 416KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Password: infected

1417cee5b61a726686e7e65420eb802d

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

user32

advapi32

shlwapi

ws2_32

ole32

gdiplus

Exports

Exports

Sections

.text Size: 417KB - Virtual size: 416KB

.rdata Size: 61KB - Virtual size: 61KB

.data Size: 5KB - Virtual size: 22KB

.pdata Size: 26KB - Virtual size: 25KB

.reloc Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 417KB - Virtual size: 416KB

.rdata
Size: 61KB - Virtual size: 61KB

.data
Size: 5KB - Virtual size: 22KB

.pdata
Size: 26KB - Virtual size: 25KB

.reloc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB