kutaki | 23e1b2051d263e36627e488507b118c1c1db489ce9622c592201faeaf6182d5f | Triage

Sharing

General

Target

23e1b2051d263e36627e488507b118c1c1db489ce9622c592201faeaf6182d5f
Size

299KB
MD5

9114a4dcdcda4bc7c415b282e2a9a7d9
SHA1

9e900b9bcf133d4696f1c6437009cfc598aede0c
SHA256

23e1b2051d263e36627e488507b118c1c1db489ce9622c592201faeaf6182d5f
SHA512

dd95252d298dfd20ce63a3a2ecd8185ed1e2553d236a471a415340e5bb5339978e817edd94c49f5903e097dce751acbdf988420faefbfaac4c115bf452adaed0
SSDEEP

6144:UEnrcSg+kW4ulA9lmH9/VCWY3rw9lGbkCuTQ2S0y+lOiHTotWxynDYRH:Tnr334iA9lmd/gruF02S0sCktBDYRH

Score

10^/10

kutaki

Malware Config

Signatures

Kutaki Executable 1 IoCs

resource	yara_rule
static1/unpack001/Confirm_Cheque.cmd	family_kutaki

Kutaki family
kutaki

Files

23e1b2051d263e36627e488507b118c1c1db489ce9622c592201faeaf6182d5f
.zip
Confirm_Cheque.cmd
.exe windows x86

b733d4a55a1a4a388cc363744bf3e621

Code Sign

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord690
ord696
ord698
MethCallEngine
ord516
ord518
ord626
ord519
ord667
ord591
ord592
ord593
ord594
ord595
ord596
ord598
ord520
ord631
ord632
ord525
ord526
EVENT_SINK_AddRef
ord528
ord529
ord561
DllFunctionCall
ord563
ord670
ord564
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord713
ord714
ord607
ord608
ord716
ord717
ProcCallEngine
ord644
ord537
ord645
ord648
ord570
ord573
ord681
ord576
ord685
ord100
ord689
ord616
ord617
ord618
ord619
ord581

Sections

.text
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ