cobaltstrike | foo[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

foo.zip
Size

148.2MB
MD5

875294d0dba88dbc80c33a5cbb110b41
SHA1

3727db2a114f7302be5d5a3ef212bc0922060346
SHA256

46dc49be65d7165e2a6009854a4f27f0088230199e61e0555cb1bd266535874a
SHA512

4482e49c33c076cbde30a4da9c7283ef9cc67ae3ae75d9217ea402c206f6fc82aa4ffe90b76ab18c79cda6a7c1e302c02abda6736d594df2b2db273d013e07ab

Score

10^/10

upx aspackv2 0 1535648626 pyinstaller rat vmprotect cobaltstrike qakbot limerat gozi_ifsb warzonerat

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://www.google.com:443/__utm.gif

Attributes

access_type
512
beacon_type
2048
crypto_scheme
256
host
www.google.com,/__utm.gif
http_header1
AAAACQAAABJ1dG1hYz1VQS0yMjAyNjA0LTIAAAAJAAAAB3V0bWNuPTEAAAAJAAAAEHV0bWNzPUlTTy04ODU5LTEAAAAJAAAAD3V0bXNyPTEyODB4MTAyNAAAAAkAAAAMdXRtc2M9MzItYml0AAAACQAAAAt1dG11bD1lbi1VUwAAAAoAAAAoSG9zdDogdHJhbnNsYXRlc2VydmljZXVwZGF0ZS5hcHBzcG90LmNvbQAAAAcAAAAAAAAACAAAAAIAAAAGX191dG1hAAAABQAAAAV1dG1jYwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAAAgAAAAZVQS0yMjAAAAABAAAAAi0yAAAABQAAAAV1dG1hYwAAAAkAAAAHdXRtY249MQAAAAkAAAAQdXRtY3M9SVNPLTg4NTktMQAAAAkAAAAPdXRtc3I9MTI4MHgxMDI0AAAACQAAAAx1dG1zYz0zMi1iaXQAAAAJAAAAC3V0bXVsPWVuLVVTAAAACgAAAChIb3N0OiB0cmFuc2xhdGVzZXJ2aWNldXBkYXRlLmFwcHNwb3QuY29tAAAABwAAAAEAAAAEAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
60000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+xef42wyX1NAUR5Ukrnj2L8wg2GQ3+zg6SV5+gTlXxdgo8apUHH/mtKv7A+Fa5aReI1QBvVbMdkwq7A1YwJpBtFUBouokiqs8MjBWWrcftqQno/goPu3jDA1eHNyB8Hn+E4URKzRBBwQBduCA6fvUK83z/jAh062sZrZaFGE6dwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
6.71092736e+08
unknown2
AAAABAAAAAIAAAAPAAAAAgAAAA8AAAACAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/___utm.gif
user_agent
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)
watermark
0

Extracted

Family

qakbot

Version

322.368

Campaign

1535648626

Credentials

Protocol: ftp
Host:
37.60.244.211
Port:
21
Username:
[email protected]
Password:
4AsEzIaMwi2d

Protocol: ftp
Host:
198.38.77.162
Port:
21
Username:
[email protected]
Password:
kJm6DKVPfyiv

Protocol: ftp
Host:
61.221.12.26
Port:
21
Username:
[email protected]
Password:
346HZGCMlwecz9S

Protocol: ftp
Host:
67.222.137.18
Port:
21
Username:
[email protected]
Password:
p4a8k6fE1FtA3pR

Protocol: ftp
Host:
107.6.152.61
Port:
21
Username:
[email protected]
Password:
RoP4Af0RKAAQ74V

190.185.219.110:443

73.74.72.141:443

65.116.179.83:443

50.198.141.161:2078

70.183.154.153:995

68.49.120.179:443

70.94.109.57:443

24.45.54.50:2222

190.80.21.204:2222

216.201.159.118:443

74.88.210.56:995

75.189.235.216:443

47.48.236.98:2222

68.59.209.183:995

75.3.101.153:443

108.17.25.169:443

185.219.83.73:443

184.180.157.203:2222

207.178.109.161:443

174.48.72.160:443

Extracted

Family

limerat

Attributes

aes_key
12344321
antivm
false
c2_url
https://pastebin.com/raw/7m5Ddsgv
delay
3
download_payload
false
install
true
install_name
svchost.exe
main_folder
AppData
pin_spread
false
sub_folder
\system\
usb_spread
false

Extracted

Family

warzonerat

smartconnect.duckdns.org:39

Signatures

Cobalt Strike reflective loader 1 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
static1/unpack001/foo/2f215e008c6a7d8886c578e442b8f1b0	cobalt_reflective_dll

Cobaltstrike family
cobaltstrike
Gozi_ifsb family
gozi_ifsb
Limerat family
limerat

Nirsoft 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/foo/39555eb0403a69906729713ad20888ec	Nirsoft

Qakbot family
qakbot

Warzone RAT Payload 1 IoCs

rat

Processes:

resource	yara_rule
static1/unpack001/foo/b7d5f0b9bf2e6e13c5b3ca1c2a0a8b4a	warzonerat

Warzonerat family
warzonerat

NirSoft MailPassView 1 IoCs

Password recovery tool for various email clients

Processes:

resource	yara_rule
static1/unpack001/foo/39555eb0403a69906729713ad20888ec	MailPassView

NirSoft WebBrowserPassView 1 IoCs

Password recovery tool for various web browsers

Processes:

resource	yara_rule
static1/unpack001/foo/39555eb0403a69906729713ad20888ec	WebBrowserPassView

ASPack v2.12-2.42 2 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

Processes:

resource	yara_rule
static1/unpack001/foo/0becfedf4d0b9ad5251aca33274a4cf4	aspack_v212_v242
static1/unpack001/foo/4a74c9f378007412ec2c8b2eea6da4cf	aspack_v212_v242

UPX packed file 11 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
static1/unpack001/foo/035fa2f2fae0a8fad733686a7d9ea772	upx
static1/unpack001/foo/07470b6ede84f02ec31ab0a601cdc068	upx
static1/unpack001/foo/4c49c2496ae538bcec9e1510f3eb8eba	upx
static1/unpack001/foo/798f5e61531f527821a490a15ef957ba	upx
static1/unpack001/foo/9d3438ba1dbdbcc2a65451893e38004b	upx
static1/unpack001/foo/bad78e11371381ce9e1d703aac2821e5	upx
static1/unpack001/foo/c944eadb6e032fd9e7a0988464a6f1cc	upx
static1/unpack001/foo/d81e76123ccb64b73eeac2f31a7434c4	upx
static1/unpack001/foo/e03bd458de4a107688236bdc4ddc3afe	upx
static1/unpack001/foo/e95678212c7218c6e7944fca1631c88f	upx
static1/unpack001/foo/fcdc003a1529fe3660b160fd012173b3	upx

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
static1/unpack001/foo/e61c0e180c2616fa81e6c4d581a9520e	vmprotect

autoit_exe 2 IoCs

AutoIT scripts compiled to PE executables.

Processes:

resource	yara_rule
static1/unpack001/foo/27f9116902c35a9b784c703762bbd249	autoit_exe
static1/unpack001/foo/acf0b7f4fe980501192187bb9b8e20c4	autoit_exe

Detects Pyinstaller 1 IoCs

pyinstaller

Processes:

resource	yara_rule
static1/unpack001/foo/b641961018d09dfbd7fa9c15f09a7723	pyinstaller

NSIS installer 12 IoCs

installer

Processes:

resource	yara_rule
static1/unpack001/foo/28408caa2961caecd35c9f8f7c1aecc5	nsis_installer_1
static1/unpack001/foo/28408caa2961caecd35c9f8f7c1aecc5	nsis_installer_2
static1/unpack001/foo/457cfd3e7a53e7500f8206b3ea300aca	nsis_installer_1
static1/unpack001/foo/457cfd3e7a53e7500f8206b3ea300aca	nsis_installer_2
static1/unpack001/foo/4ea45460c3e7c3d8486d3f7bec90c613	nsis_installer_1
static1/unpack001/foo/4ea45460c3e7c3d8486d3f7bec90c613	nsis_installer_2
static1/unpack001/foo/698cc868cdae13a5cc744020ec00e331	nsis_installer_1
static1/unpack001/foo/698cc868cdae13a5cc744020ec00e331	nsis_installer_2
static1/unpack001/foo/b693dfe99d2915616044eea2cfe18360	nsis_installer_1
static1/unpack001/foo/b693dfe99d2915616044eea2cfe18360	nsis_installer_2
static1/unpack001/foo/dfcc555a02bccc9c438b08555b5c2ab8	nsis_installer_1
static1/unpack001/foo/dfcc555a02bccc9c438b08555b5c2ab8	nsis_installer_2

Files

foo.zip
.zip
foo/0044d66e4abf7c4af6b5d207065320f7
.exe windows x86
foo/034e4c62965f8d5dd5d5a2ce34a53ba9
.exe windows x86
foo/035fa2f2fae0a8fad733686a7d9ea772
.exe windows x86
foo/04884a82d01d733f245d921e1f74fb1b
.exe windows x86
foo/06ed82e88e1f68cc08602d7cd8ec5f59
.exe windows x86
foo/07470b6ede84f02ec31ab0a601cdc068
.exe windows x86
foo/078adb95b1a0a6449d8c4ece796deac0
.exe windows x86
foo/09e5c88a0592763e0c4f30fb88d663b4
.exe windows x86
foo/0becfedf4d0b9ad5251aca33274a4cf4
.exe windows x86
foo/1a78d313f2891bd468f78694814a28a3
.exe windows x64

Exports

Exports

YX��DD��Y7l�i �_��x�"��#"�uo��VD~��m�b4�� 2��;�\!��|�7�a`��)7��,��ʲ7˔M8%��Ponbxl��|��0�zz��}�ʡ�2z1��!3��"�O�i�>��[�뼲��hm*�U��{��z'��I2�j��b^��\��kHm�e ��e�cp!*I��4�|�)Y�1��?�=�t8B��m�-��8|N��Э�[_�ds�� k#B��vJ<��>�5 ʸ(�cu��Ć�2�}��C��R� KX��bWV��`=��6�X��8F�e[�HlJMKF��7Q jN��pT[�g��H��I~瞨�\E�_��m�8� D�[��]�>��Ӝ�Ex�f�d ��L��~�$�%��^wh@�Ɠ_p@E��`�bi|�w�'�;��~9��M��4�>��@�{p�wM��D#��Q8�i2��N��?Ӈ��a6X�W�ml��P3#9a�Y��['2�� z��*��J��z��r)�P�� >�J��X�"�A&��2�r��4B��My�ܛ��c�J��v�|��J*֣��{=ս�r�ͩs��ܺ�Z��ȩ� ��ث ~W��d (�@��9��B��N��ѱ2wP�P;��+WN_qK��˥�) "UL�\e��Ͼ{lE��#L�TIp]��y�(��˃/ɂ�g��WZ+��zČ`��]�~ٳ�!��$�K[��&}GX��z;�l~=��u͵�;��cC�x�F�[ &u�3��C7Rk@��w�1�w�Te2$��*Lې��9�hp +�a�V�^ǽ�$AG��S:|�$<��2C�sOc�Rϋb8�*�$�Kj��p\t� ��(�x�}u��b�Ѐ�|�m�e `��z:��e(M�$��6�ne��x_I ��I��a1�iC�{wc�q?��;��X��6W�v��V��H�Wj�&�ڊ�n��[�k�鵽6 �,��V�@�7\X�_(��n�v=�)`b��&�S� /u>��G�z�%��<*U/� u޷�� M�� ے8?��PJ&.��ؼ�x��9�� G�e��*��F��?D��Q��I��X��sa��f4A!Z_m��T��A�VCjA��03� �Q�V�#�D��\gZ��R}��l��~�o2S��ks�~�`_X��e1�� N�Me��z��OMh�b��!j:~�AG��i�鮅��:��T��3��)�;�E�s��ryt�x٢l1.\җ��]�y�8A��+�җ�捊�*�U1�lxK��Rk�g��dC<Wv�o��[��_v�XϮ<��p*x�q��ӽܔ;��'g2Z��IӇJp��r*ܴX/Z(��\xdEZ'��8�K��{��aJ۠�{?;��5��{p�c� ɡ�� H�G��AV�z�v��{�b1i�)��K�^�!$��F}��b4��"�A��9��%�M@O��Tֽ6��=�X�� "�w`��z֟��0ݘSԢA��'~�P�!JLa�k�\��K��1�x}�u��t� ?۟��+�O��v�l��gq��y,$��-��9W(M��/a�vMz�w*L� ��Z/ s��@�s�&3X �YbV�IEp��F��|�df��e/��8Q~F0��c"�o}��7yb�u�AO}�$^�V��.�P�A��@�AT�Kac��sf��i�Z��|C7Y�D��o�iҎ^ q8�N��d��c�d��L��Y �j��eȮ��WK1��n{��_��2̆mC#h��2yi��u�z�K��#(�5��_�(�%�}�I�J| ��Y{I4V=�K�b�( '�ɺ�:��u ��<�?3��l��ך�&*\W;S1�+��{�u�q(趵v$J�� "Y='t�0�6u�C$��x��ա�O��1y� ��V�)g>�eM��׋��!�ؒ/��)�pO�*G@��P��j��Z-wh;m�r�&T��D�44��^��6� ˄�_�W��$2��[��#p�Du��b^\��d�i��1��P��GԒK4!\�UKƃ��'o@�b ��2�R��#e�7�`yJ"Y�]��f�U]e杀[��As�qxf��]B�g��Π%�VX��W&�+7��)�3�\ ʾf�G��h��E0]򉣹Ѯϧ:Ø�h��܄6�ce� ɿ��ž^�C<��]>��a�/�F3��D�m-�hT� �ZD�z�-\�(�f�q��E��p�V<u� b�T��j��`;_�=ã�dǄ��޶b�T�p7F*&��a��DoT��׃۪��I�'͋qʰ�n��YT��Ȟ�@��|z)��k�:c�s��'ˆ��w�|�`۲�HW��7�hu��1FD|��D�Ϡ�vMF��ˋdd��KsW�:��:~�G�ֽ��r��::x��1�s��_��K�Y� ��*�L�M��:EUc�"x��7X{n�+TӞ~��Ɩ"<�d!;�yBno#�?|$��,zA��L�9��cN|�V��'��'Ӵ4u��9��^H��'�C�V�)2H�/��Q��%Ҏ��z�b�1i7^��<�ў�U�Fu��ѫ�@�PT��ς�Q��S�}��)�_�EA�u�Y�m�Y-��h��~�鈜GZ�r"��isߺ^�x4~RoS<f�d�qhuw�%\(eSU��̺n��Gi"k3��:�/\~Fc�f��!��/v��8F��إ3-�.��e��9��懆�]��O�/��W�L�y��V�,��2؇L��"��m�1�D2*��z��p�C�ߢT��<`��We��_��a2a2��&�Yj��YҪN�~#y|��L��8-�7��_U��,A�z�|$�۲��=~�v&v3tYW�1#�5]��J��X�l�:�׷/��!��(8��<��Ar��2_�Yǃo!�yc_�?;��!�oa��cey��8e�V��r�bo"��7��B�J��L�\F,�'<�-��=��]��O~Z#y�}�3�i�*�n��&�ی8�;p�ya&�݀zB ��m?|�h��V��u��6[�M\"��W��
foo/1ffe827beb75335731cb6f052a8ec3a6
.exe windows x86
foo/255028f2f37838e92f84f27c68aaf4e1
.dll windows x86

Exports

Exports

GetHandleVerifier
WatcherMain
foo/27601d095e5b3761d9289584415a73cc
.exe windows x86
foo/27f9116902c35a9b784c703762bbd249
.exe windows x86
foo/28408caa2961caecd35c9f8f7c1aecc5
.exe windows x86
foo/29682275a385f42634ee312db7f666e4
.dll windows x86

Exports

Exports

SHGetFolderPathW
TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr
foo/2de7b886ed3bf5455694d76ac69a96a4
.exe windows x86
foo/2e00df497f82c0bf215548969fefc18b
.exe windows x86
foo/2e90a15707ad3eb4cd06bd8a05463922
.exe windows x86
foo/2f215e008c6a7d8886c578e442b8f1b0
.dll windows x86

Exports

Exports

_ReflectiveLoader@4
foo/30bc06d0add076dd6500fcdfbc12643e
.exe windows x86
foo/312e67dc35992949937d1bad6ba529f3
.exe windows x86
foo/383497fda5ca670a06dc688443c2011b
.exe windows x86
foo/39555eb0403a69906729713ad20888ec
.exe windows x86
foo/39e5310f67f0b1bf98604a2e0edb9204
.exe windows x86
foo/3aba72d1f87f4372162972b6a45ed8cd
.exe windows x86
foo/406c9b9529109f835fe7292e6cf3fefe
.exe windows x86
foo/457cfd3e7a53e7500f8206b3ea300aca
.exe windows x86
foo/4761e4b165f62d326b9032d96329e460
.exe windows x86

Exports

Exports

Pi
foo/487f1b1f30212eaa9104c084a667f104
.exe windows x86
foo/4a74c9f378007412ec2c8b2eea6da4cf
.exe windows x86
foo/4b2d7854b47943b118e24c6ec79b974b
.exe windows x86
foo/4c49c2496ae538bcec9e1510f3eb8eba
.exe windows x86
foo/4cfe8f3aa1592035b9a2cdb2c4f54c77
.exe windows x86
foo/4ea45460c3e7c3d8486d3f7bec90c613
.exe windows x86
foo/52d6c59fcfe73048a240c7fdd1f04d7e
.exe windows x86
foo/55fc11ec67a00177d047d5abc84231e0
.exe windows x86
foo/59f0fbc29bace019804b8a181ce75a06
.exe windows x86
foo/5b1c0df2be80006ec3af6a5eeea17ecb
.exe windows x86
foo/5bc72a1ae433663758319d97917b77ea
.exe windows x86
foo/5d33050f0514054c49f2bc2ff9abee2a
.exe windows x86
foo/5d9775622b5e7123d5796d4de5dc2839
.exe windows x86
foo/60121ea2ab380455f7e143cd9438443e
.exe windows x86
foo/62565a39c4a264e48e0678edad5d60fd
.exe windows x86
foo/62a3fd9b4932e59a7192813c22617764
.exe windows x86
foo/63e9ce22dbf66934fd75c77bc84954d0
.exe windows x86
foo/6497ba06c339ec8ca438ddf0dd2f8fc5
.exe windows x86
foo/698cc868cdae13a5cc744020ec00e331
.exe windows x86
foo/6f2c5c31fefa00afa2af1adcbdd93ad5
.exe windows x86
foo/798f5e61531f527821a490a15ef957ba
.exe windows x86
foo/7aec86c6c4cc35139b7874a0117e4451
.exe windows x86
foo/84bf6e1a8fcd94cf6cba6ac7e2a95b64
.exe windows x86
foo/907b7d9a23ed7821abb700fcbe1c9bb3
.exe windows x86
foo/928f1db0c63d122f0183686a3bdfccee
.exe windows x86
foo/9401b0788dc22eeb1dace02d23a9596c
.exe windows x86
foo/97dd8726304f889ef12ef1beb510be84
.exe windows x86
foo/9b8c48e6186718b7b290ceed9369a1a4
.exe windows x86
foo/9cde71abfd2a6aeb83cdd233cbc04fcd
.exe windows x86
foo/9d3438ba1dbdbcc2a65451893e38004b
.exe windows x86
foo/9f88187d774cc9eaf89dc65479c4302d
.exe windows x86
foo/a17bdcde184026e23ae6dc8723f73fcf
.exe windows x86
foo/a2981192a30538e97b55f363abbce946
.exe windows x86
foo/aa3b51bd50bcc98f763cffcf7f907152
.exe windows x86
foo/acf0b7f4fe980501192187bb9b8e20c4
.exe windows x86
foo/aeca5c301d02253e8ffcc240c08f61f7
.exe windows x86
foo/b1071426aa88f31339f1b369cf13cef3
.exe windows x86
foo/b2365260985173cc758575cd8059459f
.exe windows x86
foo/b514b59324818c52140b431aeac96bfc
.exe windows x86
foo/b641961018d09dfbd7fa9c15f09a7723
.exe windows x64
foo/b693dfe99d2915616044eea2cfe18360
.exe windows x86
foo/b6e7c9793cf40153bf8865195e06ecbc
.exe windows x86
foo/b7d5f0b9bf2e6e13c5b3ca1c2a0a8b4a
.exe windows x86
foo/ba2d460199eb2d9e9d6d0559bb455529
.exe windows x86
foo/bad78e11371381ce9e1d703aac2821e5
.exe windows x86
foo/bc6536b86b04cf5b3bf7cd353d615ab9
.exe windows x86
foo/be85e0b2608a55942aa101c66ce6c32c
.exe windows x86
foo/c914b169d1388c5e78421045d05946ee
.exe windows x86
foo/c944eadb6e032fd9e7a0988464a6f1cc
.exe windows x86
foo/cad3634df5d5058551bed38237ab8e8b
.exe windows x86
foo/cd89b6c808c296cde0bc77ee630dc7df
.exe windows x86
foo/d81e76123ccb64b73eeac2f31a7434c4
.exe windows x86
foo/d86d2cb12111422ad0b401afa523e308
.exe windows x86
foo/d8e37dd7ca017370a0b54147a27a7498
.exe windows x86
foo/dea515c25081073ec2cee293b2991ee1
.exe windows x86
foo/dfcc555a02bccc9c438b08555b5c2ab8
.exe windows x86
foo/e03bd458de4a107688236bdc4ddc3afe
.exe windows x86
foo/e16ec7bc29b68f66e90fdbfefe1d3a2d
.exe windows x86
foo/e61c0e180c2616fa81e6c4d581a9520e
.exe windows x86
foo/e78fad8a5d0ea89127ed36ed20bc9351
.exe windows x86
foo/e7ad45164be5c3c7f9936e9b5fb28788
.exe windows x86
foo/e95678212c7218c6e7944fca1631c88f
.exe windows x86
foo/edf723c8e404cd67041e7dfbbb1a6eee
.dll windows x86

Exports

Exports

ExportFunction
foo/f2366f48d3534bc8af573f2696dce4f5
.exe windows x86
foo/f645a94491240317caccd6f8508fba1f
.exe windows x86

Exports

Exports

?startLogic@@YAXXZ
foo/f65e75d9675a50f9b4807e79dcc48d56
.exe windows x86
foo/f660284cb3574213a512e3f03ca9012b
.exe windows x86
foo/f6c1c72f3e45d2f3499b6bd6661b3289
.exe windows x86
foo/fbab903080d6a4e65a1a2f6bc4d97b7c
.exe windows x86

Exports

Exports

_MainWndProc@16
_StubFileWrite@12
foo/fcdc003a1529fe3660b160fd012173b3
.exe windows x86
foo/fffb61eaaac6e8a40bfaa7a4acb6b9ba
.exe windows x86

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Signatures

Files

Exports

Exports

Exports

Exports

Exports

Exports

Exports

Exports

Exports

Exports

Exports

Exports

Exports

Exports

Exports

Exports