yA0A[.]tmp[.]bin[.]zip | Triage

Submit
Reports

Overview

overview

Static

static

yA0A.tmp.dll

windows7_x64

yA0A.tmp.dll

windows10-2004_x64

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

yA0A.tmp.dll

Resource

win7-20220331-en

gozi_rm3 banker trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

yA0A.tmp.dll

Resource

win10v2004-en-20220113

gozi_rm3 banker trojan

windows10-2004_x64

0 signatures

0 seconds

General

Target

yA0A.tmp.bin.zip
Size

84KB
MD5

43f48b9407bd4e67f5f20e7e679ba193
SHA1

84bc285f4584f7cc6f0c966d19e2bf8f97820e04
SHA256

dedd163599da14f5c9082a6611c08342d9b68681f770b4e083ed4f513b215420
SHA512

69ba3904f18316b6f452592ace0670bc2df6cf00f025fbe35d57d1e5c3fde06716b23c036b9ad0b71bcb2202d67e516222768078d6e150bd33ab7752f4d52d79
SSDEEP

1536:rGIO1Fv1yaKxQBPhMQfdaJGgQs0ECbZZ5GTt0iq8s4aBsF2QtnAuPsepr:Gf0aVBPhMQfdaoYCZ5Qty4ostnxsQ

Score

N/A

Malware Config

Signatures

Files

yA0A.tmp.bin.zip
.zip

Password: infected
yA0A.tmp.bin
.dll regsvr32 windows x86

69bb86c7d208b22cb0fcb7f481426a22

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

CreateEllipticRgn
CreatePolyPolygonRgn
FrameRgn
GetRandomRgn
GdiComment
GetArcDirection
CopyMetaFileA

rasapi32

RasEnumConnectionsW
RasGetEntryDialParamsA
RasGetSubEntryHandleA
RasInvokeEapUI
RasDeleteSubEntryW
RasDialW

Exports

Exports

AGVKwBm5ra
APgQ4H
BMPWBPaSooR
BXJbTZedX
BZ5dWj
BnS3Z9k
Bp6IrB
CASvBKlBqK
CFvHs3
CMTjwVe
CcMtup
Cz2giM0
DWUacQ1gb
DllRegisterServer

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 772B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bbs
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy