emotet[.]zip | Triage

Resubmissions

18-01-2022 01:59

220118-ceefxafch7 1

18-01-2022 01:25

220118-bszhkafad6 10

12-01-2022 19:02

220112-xptnssdgap 1

Sharing

Copy URL

Twitter E-mail

General

Target

emotet.zip
Size

862KB
MD5

f659a2db24ef328a3fdde0229195236a
SHA1

252408e9cb20e9c3aa4f3dc2b3b1ed8ea3231f51
SHA256

dc2b36a39e44ba8371e137d53dcfe7af346a4da6be4ec5531ef0ef2cb2f3c922
SHA512

b3a487731ed1710e7dc405b27e1f1a1f432babd141dffff6747b4c1569821fcef2e5a892fdbe631163dba2f0f80ca1343bb642797714f6f4b4fe739994d06d31
SSDEEP

12288:7o582If5kUTE+PRcZF6WNo582If5kUTE+PVcZF6Wko582If5kUTE+P5cZF6W5:UHb+P6WHb+PubHb+PSV

Score

N/A

Malware Config

Signatures

Files

emotet.zip
.zip
NTn5cqpa.dll
.dll regsvr32 windows x86

36ed4043334e64f490ef67f21898fff6

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

pdh

PdhGetFormattedCounterValue
PdhCollectQueryData
PdhCloseQuery
PdhRemoveCounter
PdhAddCounterW
PdhValidatePathW
PdhOpenQueryW

kernel32

GetCommandLineA
GetUserDefaultLangID
TlsAlloc
GetThreadLocale
GetUserDefaultUILanguage
GetCurrentThread
GetLargePageMinimum
GetEnvironmentStringsW
GetCurrentThreadId
GetSystemDefaultLangID
GetOEMCP
AreFileApisANSI
GetCurrentProcess
GetLogicalDrives
MultiByteToWideChar
RaiseException
GetLastError
InitializeCriticalSectionEx
DeleteCriticalSection
DecodePointer
EnterCriticalSection
LeaveCriticalSection
LoadResource
SizeofResource
FindResourceW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
GetModuleFileNameW
lstrcmpiW
FreeLibrary
MulDiv
SetLastError
IsProcessorFeaturePresent
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
UnregisterApplicationRestart
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
FreeEnvironmentStringsW
GetCommandLineW
IsValidCodePage
FindNextFileW
FindFirstFileExW
HeapReAlloc
HeapSize
GetFileType
GetStdHandle
GetModuleHandleExW
ExitProcess
TlsFree
TlsSetValue
TlsGetValue
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
RtlUnwind
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
HeapFree
HeapAlloc
OutputDebugStringW
GetCPInfo
GetStringTypeW
LCMapStringEx
EncodePointer
FlushProcessWriteBuffers
UnregisterApplicationRecoveryCallback
IsDebuggerPresent
IsSystemResumeAutomatic
GetStartupInfoW
GetProcessHeap
CloseHandle
ReadFile
FindClose
GetACP
GetTickCount64
ReadConsoleW
SetStdHandle
CreateFileW
WriteConsoleW
TerminateProcess
SetUnhandledExceptionFilter
WriteFile
LocalFree
WideCharToMultiByte
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
UnhandledExceptionFilter

user32

InSendMessage
GetCapture
GetMenuCheckMarkDimensions
GetProcessWindowStation
CloseClipboard
GetMessageTime
EmptyClipboard
DestroyWindow
GetShellWindow
CallWindowProcW
DrawTextW
InsertMenuW
RegisterClassExW
LoadCursorW
GetClassInfoExW
DefWindowProcW
IsWindow
GetParent
SetTimer
ShowWindow
InvalidateRect
ReleaseDC
GetDC
EndPaint
BeginPaint
ClientToScreen
GetClientRect
SendMessageW
GetCursor
CreateWindowExW
GetWindowLongW
SetWindowLongW
CharNextW
UnregisterClassW
CountClipboardFormats
DestroyCaret
GetMessageExtraInfo
GetClipboardSequenceNumber
GetKBCodePage
GetForegroundWindow
GetClipboardViewer
GetFocus

gdi32

SetBkMode
SetTextColor
CreateFontW
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
GetTextMetricsW
SelectObject
GetDeviceCaps
GdiFlush
DeleteObject

advapi32

RegDeleteValueW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegCloseKey
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW

shell32

ShellExecuteW
InitNetworkAddressControl
SHGetFolderPathW

ole32

CoFreeUnusedLibraries
CoCreateInstance
CoInitialize
OleRun
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree

oleaut32

LoadRegTypeLi
LoadTypeLi
SysAllocStringLen
SysFreeString
SysAllocString
SysStringLen
VarBstrCmp
VariantInit
VariantClear
VariantCopy
VariantChangeType
VarUI4FromStr

Exports

Exports

DllRegisterServer
agcszoyjs
bahkgkxkdroklj
bkazzsdpctpmyra
dcvijtkp
ebwbczga
egmnvxfsu
ewoypwsbdapm
hmsecpcirudtpwdrb
hsmrylhuauw
iajdteucjvfcaoank
iptcbtkpsmiyvq
jesrbzi
jhzxggxvkkaehqtu
khpfutkkkmuvjr
milljqgtfxytovx
nifhpnjgwhb
pythelqvusbg
qbxvzfepxnaor

Sections

.text
Size: 229KB - Virtual size: 229KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
r5t3fovxD.dll
.dll regsvr32 windows x86

36ed4043334e64f490ef67f21898fff6

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

pdh

PdhGetFormattedCounterValue
PdhCollectQueryData
PdhCloseQuery
PdhRemoveCounter
PdhAddCounterW
PdhValidatePathW
PdhOpenQueryW

kernel32

GetCommandLineA
GetUserDefaultLangID
TlsAlloc
GetThreadLocale
GetUserDefaultUILanguage
GetCurrentThread
GetLargePageMinimum
GetEnvironmentStringsW
GetCurrentThreadId
GetSystemDefaultLangID
GetOEMCP
AreFileApisANSI
GetCurrentProcess
GetLogicalDrives
MultiByteToWideChar
RaiseException
GetLastError
InitializeCriticalSectionEx
DeleteCriticalSection
DecodePointer
EnterCriticalSection
LeaveCriticalSection
LoadResource
SizeofResource
FindResourceW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
GetModuleFileNameW
lstrcmpiW
FreeLibrary
MulDiv
SetLastError
IsProcessorFeaturePresent
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
UnregisterApplicationRestart
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
FreeEnvironmentStringsW
GetCommandLineW
IsValidCodePage
FindNextFileW
FindFirstFileExW
HeapReAlloc
HeapSize
GetFileType
GetStdHandle
GetModuleHandleExW
ExitProcess
TlsFree
TlsSetValue
TlsGetValue
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
RtlUnwind
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
HeapFree
HeapAlloc
OutputDebugStringW
GetCPInfo
GetStringTypeW
LCMapStringEx
EncodePointer
FlushProcessWriteBuffers
UnregisterApplicationRecoveryCallback
IsDebuggerPresent
IsSystemResumeAutomatic
GetStartupInfoW
GetProcessHeap
CloseHandle
ReadFile
FindClose
GetACP
GetTickCount64
ReadConsoleW
SetStdHandle
CreateFileW
WriteConsoleW
TerminateProcess
SetUnhandledExceptionFilter
WriteFile
LocalFree
WideCharToMultiByte
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
UnhandledExceptionFilter

user32

InSendMessage
GetCapture
GetMenuCheckMarkDimensions
GetProcessWindowStation
CloseClipboard
GetMessageTime
EmptyClipboard
DestroyWindow
GetShellWindow
CallWindowProcW
DrawTextW
InsertMenuW
RegisterClassExW
LoadCursorW
GetClassInfoExW
DefWindowProcW
IsWindow
GetParent
SetTimer
ShowWindow
InvalidateRect
ReleaseDC
GetDC
EndPaint
BeginPaint
ClientToScreen
GetClientRect
SendMessageW
GetCursor
CreateWindowExW
GetWindowLongW
SetWindowLongW
CharNextW
UnregisterClassW
CountClipboardFormats
DestroyCaret
GetMessageExtraInfo
GetClipboardSequenceNumber
GetKBCodePage
GetForegroundWindow
GetClipboardViewer
GetFocus

gdi32

SetBkMode
SetTextColor
CreateFontW
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
GetTextMetricsW
SelectObject
GetDeviceCaps
GdiFlush
DeleteObject

advapi32

RegDeleteValueW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegCloseKey
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW

shell32

ShellExecuteW
InitNetworkAddressControl
SHGetFolderPathW

ole32

CoFreeUnusedLibraries
CoCreateInstance
CoInitialize
OleRun
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree

oleaut32

LoadRegTypeLi
LoadTypeLi
SysAllocStringLen
SysFreeString
SysAllocString
SysStringLen
VarBstrCmp
VariantInit
VariantClear
VariantCopy
VariantChangeType
VarUI4FromStr

Exports

Exports

DllRegisterServer
agcszoyjs
bahkgkxkdroklj
bkazzsdpctpmyra
dcvijtkp
ebwbczga
egmnvxfsu
ewoypwsbdapm
hmsecpcirudtpwdrb
hsmrylhuauw
iajdteucjvfcaoank
iptcbtkpsmiyvq
jesrbzi
jhzxggxvkkaehqtu
khpfutkkkmuvjr
milljqgtfxytovx
nifhpnjgwhb
pythelqvusbg
qbxvzfepxnaor

Sections

.text
Size: 229KB - Virtual size: 229KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wTX6pg5eI.dll
.dll regsvr32 windows x86

36ed4043334e64f490ef67f21898fff6

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

pdh

PdhGetFormattedCounterValue
PdhCollectQueryData
PdhCloseQuery
PdhRemoveCounter
PdhAddCounterW
PdhValidatePathW
PdhOpenQueryW

kernel32

GetCommandLineA
GetUserDefaultLangID
TlsAlloc
GetThreadLocale
GetUserDefaultUILanguage
GetCurrentThread
GetLargePageMinimum
GetEnvironmentStringsW
GetCurrentThreadId
GetSystemDefaultLangID
GetOEMCP
AreFileApisANSI
GetCurrentProcess
GetLogicalDrives
MultiByteToWideChar
RaiseException
GetLastError
InitializeCriticalSectionEx
DeleteCriticalSection
DecodePointer
EnterCriticalSection
LeaveCriticalSection
LoadResource
SizeofResource
FindResourceW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
GetModuleFileNameW
lstrcmpiW
FreeLibrary
MulDiv
SetLastError
IsProcessorFeaturePresent
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
UnregisterApplicationRestart
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
FreeEnvironmentStringsW
GetCommandLineW
IsValidCodePage
FindNextFileW
FindFirstFileExW
HeapReAlloc
HeapSize
GetFileType
GetStdHandle
GetModuleHandleExW
ExitProcess
TlsFree
TlsSetValue
TlsGetValue
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
RtlUnwind
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
HeapFree
HeapAlloc
OutputDebugStringW
GetCPInfo
GetStringTypeW
LCMapStringEx
EncodePointer
FlushProcessWriteBuffers
UnregisterApplicationRecoveryCallback
IsDebuggerPresent
IsSystemResumeAutomatic
GetStartupInfoW
GetProcessHeap
CloseHandle
ReadFile
FindClose
GetACP
GetTickCount64
ReadConsoleW
SetStdHandle
CreateFileW
WriteConsoleW
TerminateProcess
SetUnhandledExceptionFilter
WriteFile
LocalFree
WideCharToMultiByte
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
UnhandledExceptionFilter

user32

InSendMessage
GetCapture
GetMenuCheckMarkDimensions
GetProcessWindowStation
CloseClipboard
GetMessageTime
EmptyClipboard
DestroyWindow
GetShellWindow
CallWindowProcW
DrawTextW
InsertMenuW
RegisterClassExW
LoadCursorW
GetClassInfoExW
DefWindowProcW
IsWindow
GetParent
SetTimer
ShowWindow
InvalidateRect
ReleaseDC
GetDC
EndPaint
BeginPaint
ClientToScreen
GetClientRect
SendMessageW
GetCursor
CreateWindowExW
GetWindowLongW
SetWindowLongW
CharNextW
UnregisterClassW
CountClipboardFormats
DestroyCaret
GetMessageExtraInfo
GetClipboardSequenceNumber
GetKBCodePage
GetForegroundWindow
GetClipboardViewer
GetFocus

gdi32

SetBkMode
SetTextColor
CreateFontW
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
GetTextMetricsW
SelectObject
GetDeviceCaps
GdiFlush
DeleteObject

advapi32

RegDeleteValueW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegCloseKey
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW

shell32

ShellExecuteW
InitNetworkAddressControl
SHGetFolderPathW

ole32

CoFreeUnusedLibraries
CoCreateInstance
CoInitialize
OleRun
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree

oleaut32

LoadRegTypeLi
LoadTypeLi
SysAllocStringLen
SysFreeString
SysAllocString
SysStringLen
VarBstrCmp
VariantInit
VariantClear
VariantCopy
VariantChangeType
VarUI4FromStr

Exports

Exports

DllRegisterServer
agcszoyjs
bahkgkxkdroklj
bkazzsdpctpmyra
dcvijtkp
ebwbczga
egmnvxfsu
ewoypwsbdapm
hmsecpcirudtpwdrb
hsmrylhuauw
iajdteucjvfcaoank
iptcbtkpsmiyvq
jesrbzi
jhzxggxvkkaehqtu
khpfutkkkmuvjr
milljqgtfxytovx
nifhpnjgwhb
pythelqvusbg
qbxvzfepxnaor

Sections

.text
Size: 229KB - Virtual size: 229KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

36ed4043334e64f490ef67f21898fff6

Code Sign

Headers

DLL Characteristics

File Characteristics

Imports

pdh

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 229KB - Virtual size: 229KB

.rdata Size: 71KB - Virtual size: 71KB

.data Size: 6KB - Virtual size: 9KB

.rsrc Size: 151KB - Virtual size: 150KB

.reloc Size: 11KB - Virtual size: 11KB

36ed4043334e64f490ef67f21898fff6

Code Sign

Headers

DLL Characteristics

File Characteristics

Imports

pdh

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 229KB - Virtual size: 229KB

.rdata Size: 71KB - Virtual size: 71KB

.data Size: 6KB - Virtual size: 9KB

.rsrc Size: 151KB - Virtual size: 150KB

.reloc Size: 11KB - Virtual size: 11KB

36ed4043334e64f490ef67f21898fff6

Code Sign

Headers

DLL Characteristics

File Characteristics

Imports

pdh

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 229KB - Virtual size: 229KB

.rdata Size: 71KB - Virtual size: 71KB

.data Size: 6KB - Virtual size: 9KB

.rsrc Size: 151KB - Virtual size: 150KB

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 229KB - Virtual size: 229KB

.rdata
Size: 71KB - Virtual size: 71KB

.data
Size: 6KB - Virtual size: 9KB

.rsrc
Size: 151KB - Virtual size: 150KB

.reloc
Size: 11KB - Virtual size: 11KB

.text
Size: 229KB - Virtual size: 229KB

.rdata
Size: 71KB - Virtual size: 71KB

.data
Size: 6KB - Virtual size: 9KB

.rsrc
Size: 151KB - Virtual size: 150KB

.reloc
Size: 11KB - Virtual size: 11KB

.text
Size: 229KB - Virtual size: 229KB

.rdata
Size: 71KB - Virtual size: 71KB

.data
Size: 6KB - Virtual size: 9KB

.rsrc
Size: 151KB - Virtual size: 150KB

.reloc
Size: 11KB - Virtual size: 11KB