valak | 4216955b348944c3b5801607dd14f27433273f2f2e20b133a61c62b353f692a1

General

Target

4216955b348944c3b5801607dd14f27433273f2f2e20b133a61c62b353f692a1
Size

191KB
MD5

3c333422b46165447cc4ba0b720bbd44
SHA1

557cdb8345666fe7095a91f26c4f0c8dc99e637f
SHA256

4216955b348944c3b5801607dd14f27433273f2f2e20b133a61c62b353f692a1
SHA512

401191df089503c2ca15708ff7cee83f132296dce585330572833390f29e79a567fd5501510f68ff894a549d2f741d4b24035391999632a08a537d0563ef69e9
SSDEEP

3072:n8O5wFoNoGq3n3EZSOqXmBKUAvIockyysG37BRLASLHNOxDxIsPa/o1nA:n8zohEUZWuy3llDLNOx1IsP4oy

Score

10^/10

valak

Malware Config

Signatures

Valak JavaScript Loader 1 IoCs

Processes:

resource yara_rule

sample valak_js
Valak family
valak

resource	yara_rule
sample	valak_js

Files

4216955b348944c3b5801607dd14f27433273f2f2e20b133a61c62b353f692a1
.dll regsvr32 windows x86

d6f7916f9bfbcd1c61b934a2411bb3c5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
SetFilePointer
CreateFileA
CloseHandle
GetModuleHandleW
WinExec
WriteConsoleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
InterlockedFlushSList
RaiseException
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
GetFileType
LCMapStringW
GetProcessHeap
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW
DecodePointer

Exports

Exports

DllRegisterServer

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d6f7916f9bfbcd1c61b934a2411bb3c5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 58KB - Virtual size: 57KB

.rdata Size: 124KB - Virtual size: 123KB

.data Size: 2KB - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 58KB - Virtual size: 57KB

.rdata
Size: 124KB - Virtual size: 123KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 5KB - Virtual size: 5KB