General

Malware Config

Signatures

Files

• 001f329a99a84175ebadb671170482baeef0338807e93f399825381e58807f37.7z

  .7z

  Password: infected

• 001f329a99a84175ebadb671170482baeef0338807e93f399825381e58807f37

  .zip
• oloo@mid.ru/0001202110250033.pdf

  .pdf
• oloo@mid.ru/20_10_2021_01_6101_21____________________________.pdf

  .pdf
• oloo@mid.ru/??? ?? ??????????.docx

  .docx .doc office2007
• oloo@mid.ru/?????? ? ????????????????? ?? ????? ?? ???????.docx

  .docx .doc office2007
• oloo@mid.ru/?????? ? ??????????????? ?? ????? ?? ???????.docx

  .docx .doc office2007
• oloo@mid.ru/???????? ?? ????????? ???????????? ??????.pdf

  .pdf
• oloo@mid.ru/????????? ??? ??????????? ???????? ? ??????????? ???????? ???????????????.exe

  .exe windows x86

  3eaa732d4dae53340f9646bdd85dac41

  
  

  Code Sign

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  comctl32

  InitCommonControlsEx

  shlwapi

  SHAutoComplete

  kernel32

  ReadFile

  GetFileAttributesW

  SetFileAttributesW

  FindNextFileW

  GetFullPathNameW

  GetModuleFileNameW

  FindResourceW

  GetModuleHandleW

  FreeLibrary

  GetProcAddress

  LoadLibraryW

  GetCurrentProcessId

  GetLocaleInfoW

  GetNumberFormatW

  ExpandEnvironmentStringsW

  WaitForSingleObject

  DosDateTimeToFileTime

  GetDateFormatW

  GetTimeFormatW

  FileTimeToSystemTime

  FileTimeToLocalFileTime

  GetExitCodeProcess

  GetTempPathW

  MoveFileExW

  Sleep

  UnmapViewOfFile

  MapViewOfFile

  GetCommandLineW

  CreateFileMappingW

  GetTickCount

  SetEnvironmentVariableW

  OpenFileMappingW

  CreateThread

  EnterCriticalSection

  LeaveCriticalSection

  GetProcessAffinityMask

  ReleaseSemaphore

  ResetEvent

  DeleteCriticalSection

  SetEvent

  SetThreadPriority

  InitializeCriticalSection

  CreateEventW

  CreateSemaphoreW

  SystemTimeToFileTime

  GetSystemTime

  LocalFileTimeToFileTime

  WideCharToMultiByte

  MultiByteToWideChar

  CompareStringW

  IsDBCSLeadByte

  FindFirstFileW

  GetFileType

  SetCurrentDirectoryW

  WriteConsoleW

  GetConsoleOutputCP

  WriteConsoleA

  SetStdHandle

  GetLocaleInfoA

  GetStringTypeW

  GetStringTypeA

  LoadLibraryA

  GetConsoleMode

  GetConsoleCP

  InitializeCriticalSectionAndSpinCount

  QueryPerformanceCounter

  SetHandleCount

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  GetEnvironmentStrings

  FreeEnvironmentStringsA

  LCMapStringW

  LCMapStringA

  IsValidCodePage

  GetOEMCP

  GetACP

  GetModuleFileNameA

  ExitProcess

  HeapSize

  IsDebuggerPresent

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  TerminateProcess

  VirtualAlloc

  VirtualFree

  HeapCreate

  InterlockedDecrement

  GetCurrentThreadId

  InterlockedIncrement

  TlsFree

  TlsSetValue

  TlsAlloc

  TlsGetValue

  GetStartupInfoA

  GetCommandLineA

  RaiseException

  GetSystemTimeAsFileTime

  SetEndOfFile

  SetFilePointer

  GetStdHandle

  WriteFile

  FlushFileBuffers

  GetLongPathNameW

  MoveFileW

  GetShortPathNameW

  CreateDirectoryW

  RemoveDirectoryW

  GlobalAlloc

  DeleteFileW

  FindClose

  CreateFileW

  DeviceIoControl

  SetFileTime

  GetCurrentProcess

  CloseHandle

  CreateHardLinkW

  SetLastError

  GetLastError

  GetCurrentDirectoryW

  CreateFileA

  GetCPInfo

  HeapAlloc

  HeapReAlloc

  HeapFree

  RtlUnwind

  user32

  EnableWindow

  ShowWindow

  GetDlgItem

  MessageBoxW

  FindWindowExW

  GetParent

  MapWindowPoints

  CreateWindowExW

  UpdateWindow

  LoadCursorW

  RegisterClassExW

  DefWindowProcW

  DestroyWindow

  CopyRect

  IsWindow

  CharUpperW

  OemToCharBuffA

  LoadIconW

  PostMessageW

  GetSysColor

  SetForegroundWindow

  WaitForInputIdle

  IsWindowVisible

  DialogBoxParamW

  DestroyIcon

  SetFocus

  GetClassNameW

  SendDlgItemMessageW

  EndDialog

  GetDlgItemTextW

  SetDlgItemTextW

  wvsprintfW

  SendMessageW

  GetDC

  ReleaseDC

  PeekMessageW

  GetMessageW

  TranslateMessage

  DispatchMessageW

  LoadStringW

  GetWindowRect

  GetClientRect

  SetWindowPos

  GetWindowTextW

  SetWindowTextW

  GetSystemMetrics

  GetWindow

  GetWindowLongW

  SetWindowLongW

  LoadBitmapW

  gdi32

  GetDeviceCaps

  CreateCompatibleDC

  GetObjectW

  CreateCompatibleBitmap

  SelectObject

  StretchBlt

  DeleteDC

  DeleteObject

  comdlg32

  GetSaveFileNameW

  CommDlgExtendedError

  GetOpenFileNameW

  advapi32

  RegOpenKeyExW

  RegQueryValueExW

  RegCreateKeyExW

  RegSetValueExW

  RegCloseKey

  SetFileSecurityW

  OpenProcessToken

  LookupPrivilegeValueW

  AdjustTokenPrivileges

  shell32

  SHChangeNotify

  SHGetFileInfoW

  SHGetMalloc

  SHGetSpecialFolderLocation

  SHGetPathFromIDListW

  SHBrowseForFolderW

  ShellExecuteExW

  SHFileOperationW

  ole32

  CLSIDFromString

  CoCreateInstance

  OleInitialize

  OleUninitialize

  CreateStreamOnHGlobal

  oleaut32

  VariantInit

  Sections

  .text

  Size: 148KB - Virtual size: 148KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 20KB - Virtual size: 19KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 5KB - Virtual size: 133KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 37KB - Virtual size: 37KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• oloo@mid.ru/BMP-13.pdf

  .pdf

  • https://roszdravnadzor.gov.ru/services/misearch

    Analyze

  • http://www.rasudm.org/

    Analyze

  • https://www.covid19-druginteractions.org/

    Analyze

  • https://www.rosminzdrav.ru/ministry/med_covid19

    Analyze

  • http://far.org.ru/newsfar/496-metreccovid19

    Analyze

  • https://minzdrav.gov.ru/ministry/med_covid19

    Analyze

  • https://grls.rosminzdrav.ru/Grls_View_v2.aspx?routingGuid=d494c688-0bc6-4c30-9e81-23f043ceb43e&t

    Analyze

  • https://grls.rosminzdrav.ru/Grls_View_v2.aspx?routingGuid=be951906-cc2c-40ff-af19-30edb36c68ad&t=

    Analyze

  • https://grls.rosminzdrav.ru/Grls_View_v2.aspx?routingGuid=d8f07c35-7edc-49ab-8647-6b6865449167&t=

    Analyze

  • https://grls.rosminzdrav.ru/Grls_View_v2.aspx?routingGuid=71035dbe-6178-42c0-8d36-aa54e546a65b&t=

    Analyze

  • https://grls.rosminzdrav.ru/Grls_View_v2.aspx?routingGuid=f4cd02c1-291c-4ebf-901b-48ab39339a1d&t=

    Analyze

  • https://www.evms.edu/covid-19/covid_care_for_clinicians/#covidcare

    Analyze

  • https://www.bundesgesundheitsministerium.de/en/en/press/2020/coronavirus.html

    Analyze

  • https://www.vmeda.org/wp-content/uploads/2020/03/koronavirus-metod-rekomendaczii.pdf

    Analyze

  • https://journals.lww.com/ccejournal/pages/currenttoc.aspx

    Analyze

  • https://link.springer.com/article/10.1007/s10875-017-0439-x#auth-1

    Analyze

  • https://link.springer.com/journal/10875

    Analyze

  • https://link.springer.com/article/10.1007/s10875-017-0439-x

    Analyze

  • https://doi.org/10.1182/blood.2018894618

    Analyze

  • https://www.sciencedirect.com/science/article/pii/S1477893920300910?via%3Dihub#!

    Analyze

  • https://www.sciencedirect.com/science/journal/14778939

    Analyze

  • https://www.sciencedirect.com/science/journal/14778939/34/supp/C

    Analyze

  • https://doi.org/10.1016/j.tmaid.2020.101623

    Analyze

  • https://doi.org/10.1093/eurheartj/ehaa286

    Analyze

  • https://www.cdc.gov/coronavirus/2019-nCoV/hcp/index.html

    Analyze

  • http://www.who.int/ethics/publications/infectious-disease-outbreaks/en/

    Analyze

  • https://www.who.int/bloodproducts/brn/2017_BRN_PositionPaper_ConvalescentPlasma.pdf

    Analyze

  • https://nmfo/

    Analyze

  • https://nmfo-vo.edu.rosminzdrav.ru/#/user-account/view-iom/e8b1f2ca-6be5-9125-4a1e-0d99867e2f21

    Analyze

  • https://doi.org/10.20862/0042-4676-2020-101-2-

    Analyze

  • https://www.covid19treatmentguidelines.nih.gov/

    Analyze

  • https://roszdravnadzor.gov.ru/services/misearch/

    Analyze

  • https://static-0.minzdrav.gov.ru/system/attachments/attaches/000/050/914/original/03062020_%D0%B4%D0%B5%D1%82%D0%B8_COVID-19_v2.pdf

    Analyze

  • https://static-0.minzdrav.gov.ru/system/attachments/attaches/000/057/333/original/05072021_MR_Preg_v4.pdf

    Analyze

  • https://static-0.minzdrav.gov.ru/system/attachments/attaches/000/051/187/original/31072020_Reab_COVID-19_v1.pdf

    Analyze

  • https://static-0.rosminzdrav.ru/system/attachments/attaches/000/050/033/original/RESP_REC_V2.pdf

    Analyze

  • https://static-0.minzdrav.gov.ru/system/attachments/attaches/000/050/945/original/06072020_MR_DISP_v1.pdf

    Analyze

  • https://static-1.rosminzdrav.ru/system/attachments/attaches/000/050/527/original/27052020_MR_STAT_1.pdf

    Analyze

  • https://static-0.minzdrav.gov.ru/system/attachments/attaches/000/057/506/original/MZ_vaccination_160721.pdf?1627106438

    Analyze

  • https://ru.wikipedia.org/w/index.php?title=Positive_End_Expiratory_Pressure&action=edit&redlink=1

    Analyze
  • Show all