file | Triage

Resubmissions

22-02-2022 16:11

220222-tmycesahb3 10

22-02-2022 16:10

220222-tmvxasbhfm 10

17-02-2022 17:57

220217-wj3h3scgd9 10

17-02-2022 15:34

220217-sz1gwacehj 10

Sharing

Copy URL

Twitter E-mail

General

Target

file
Size

688KB
MD5

1476db37133a4ee13c06ccf8535cbcaf
SHA1

a2291667ddc83ca261ac06b7d96d617f24239ec9
SHA256

53ae67abfc5065a0a7a9d1e7045d06496dc7aa7c6eabd851514a457d3e7f0e61
SHA512

62e76ba0109372de92ee290c746a6d5564d32bb0a972de706be630b19451cc25d2e6dbf3018ee8136cc4f53d26fedbfddce95871910f7804b78636fcf9ec934d
SSDEEP

12288:5QHrRbsTP9qoTVIj8xjmHFlmxQIryVfIS3+cwTcqMOW05JL/7q1R/rO:5+9bEpVs8EHHjG2BfUfMOWuJ3wjO

Score

N/A

Malware Config

Signatures

Files

file
.zip
core.bat
grunt_64.tmp
.dll windows x64

ee2398bbfad08812cdc84de1ce317345

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetTickCount
AreFileApisANSI
GetOEMCP
UnregisterApplicationRecoveryCallback
SetFileApisToOEM
GetUserDefaultLangID
GetLastError
IsDebuggerPresent
GetACP
GetEnvironmentStringsW
GetCurrentProcess
TlsAlloc
GetCurrentProcessorNumber
RaiseException
InitializeCriticalSectionEx
DeleteCriticalSection
DecodePointer
MultiByteToWideChar
LoadResource
SizeofResource
FindResourceW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
GetModuleFileNameW
GetLogicalDrives
FreeLibrary
WriteConsoleW
CreateFileW
ReadConsoleW
SetStdHandle
FreeEnvironmentStringsW
GetCommandLineW
GetCommandLineA
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx
HeapSize
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFileType
GetStdHandle
HeapFree
GetProcessHeap
GetSystemDefaultUILanguage
CloseHandle
ReadFile
FindClose
GetTickCount64
lstrcmpiW
LoadLibraryA
HeapReAlloc
HeapAlloc
GetModuleHandleExW
ExitProcess
InterlockedFlushSList
RtlUnwindEx
RtlPcToFileHeader
OutputDebugStringW
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
TlsFree
TlsSetValue
TlsGetValue
InitializeCriticalSectionAndSpinCount
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
WideCharToMultiByte

user32

CloseClipboard
GetActiveWindow
DestroyCaret
IsProcessDPIAware
GetMenuCheckMarkDimensions
CreateMenu
GetClipboardViewer
EmptyClipboard
GetCapture
GetForegroundWindow
AnyPopup
SetCursor
LoadCursorW
CharNextW
GetCursor
CountClipboardFormats
GetShellWindow
GetOpenClipboardWindow

advapi32

RegSetValueExW
RegEnumKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegQueryInfoKeyW

shell32

InitNetworkAddressControl

ole32

CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoUninitialize
CoTaskMemAlloc

oleaut32

VarUI4FromStr

wininet

InternetQueryDataAvailable

Exports

Exports

DllMain
dzebqifjvw
fdadifiaeebbhxob
mcoonvhzditga
rvdykjneokdov
sqlwzaqyhcnnh
usznnsfdj

Sections

.text
Size: 253KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 222KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gehcont
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
license.dat

Resubmissions

Sharing

General

Malware Config

Signatures

Files

ee2398bbfad08812cdc84de1ce317345

Code Sign

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

wininet

Exports

Exports

Sections

.text Size: 253KB - Virtual size: 252KB

.rdata Size: 222KB - Virtual size: 222KB

.data Size: 5KB - Virtual size: 11KB

.pdata Size: 10KB - Virtual size: 9KB

.gfids Size: 1024B - Virtual size: 792B

.tls Size: 512B - Virtual size: 9B

.gehcont Size: 512B - Virtual size: 32B

.rsrc Size: 73KB - Virtual size: 73KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 253KB - Virtual size: 252KB

.rdata
Size: 222KB - Virtual size: 222KB

.data
Size: 5KB - Virtual size: 11KB

.pdata
Size: 10KB - Virtual size: 9KB

.gfids
Size: 1024B - Virtual size: 792B

.tls
Size: 512B - Virtual size: 9B

.gehcont
Size: 512B - Virtual size: 32B

.rsrc
Size: 73KB - Virtual size: 73KB

.reloc
Size: 3KB - Virtual size: 3KB