mfgoslt[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

mfgoslt.zip
Size

373KB
MD5

7a70daa887ac97836e0d605a4fad7014
SHA1

22dd2a1c409b2068ad0091d5e339f58345f829e1
SHA256

61253883f2cbdebcdc0cd51556d98435a5966b1ecb02a3c52a1f083a466157d8
SHA512

d58b682d466c9de3e28bb79ac56146c76bb2bd31505e579676480d9772f53ab00ceebd8acce2073ec27134960cddbdbd074b7d0a14a1aabfae0ae6abe3f2593f
SSDEEP

6144:7azDDMR7/G47LrVk7gGKLtfV55dgVjPdU1eSWbj8:7iAR7/GkOnkttodU1el8

Score

N/A

Malware Config

Signatures

Files

mfgoslt.zip
.dll windows x86

5383492b5e907d0dc6a11002282063a4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

QueryPerformanceCounter
CreateFileW
GetVolumeInformationW
GetSystemTime
OpenProcess
GetVersionExW
GetModuleHandleW
GetDateFormatW
LockResource
VirtualProtect
Sleep
GetCurrentDirectoryW
FindFirstChangeNotificationW
VirtualProtectEx
CompareStringW
CompareStringA
GetProcessHeap
SetEndOfFile
HeapSize
LoadLibraryA
CreateFileA
FlushFileBuffers
GetTimeFormatA
GetDateFormatA
HeapAlloc
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetLastError
HeapFree
WideCharToMultiByte
GetTimeZoneInformation
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
WriteFile
GetConsoleCP
GetConsoleMode
CloseHandle
RtlUnwind
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
ReadFile
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

tapi32

lineAccept
lineClose
lineOpenW
lineTranslateAddressW
lineShutdown
lineInitializeExW
lineTranslateDialogW

Exports

Exports

Cutmass
Middlewall

Sections

.text
Size: 333KB - Virtual size: 332KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5383492b5e907d0dc6a11002282063a4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

version

tapi32

Exports

Exports

Sections

.text Size: 333KB - Virtual size: 332KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 5KB - Virtual size: 372KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 333KB - Virtual size: 332KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 5KB - Virtual size: 372KB

.reloc
Size: 8KB - Virtual size: 7KB