core[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

core.zip
Size

1.5MB
MD5

b0615ed0bc00d1457b6ad9f80562044e
SHA1

3f9544a9311068a3d895d8c90fac90ed60c7b6e3
SHA256

2ada2c277892b76f242995180ebee3393c4aacd7934e45a0cb0d31908fe80daa
SHA512

67431368547697573b168918d42064dbb6ed971ef5d0c6de8220435813dbd44c6ab32453cd596b050357968a5028952b443faf84cf358d431c29552fd7c4e0b2
SSDEEP

24576:QB90JTqSr2q9wzUjzB5zkg5JDvqpzUhIjOk+6KcyIXX9c8eNJYyJElsBK93sOFD5:nbr2q9wn

Score

N/A

Malware Config

Signatures

Files

core.zip
.zip

Password: infected
cmd.bat
crack64.dat
.dll windows x64

Password: infected

d3fd32d986401f4163ffd9325d4d9abb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

gdi32

GetLogColorSpaceA
ColorMatchToTarget
CreateCompatibleDC

usp10

ScriptGetFontLanguageTags
ScriptGetFontScriptTags
ScriptApplyDigitSubstitution
ScriptIsComplex
ScriptStringGetOrder
ScriptStringFree
ScriptStringAnalyse
ScriptCacheGetHeight
ScriptGetProperties
ScriptPlace

shlwapi

StrFormatByteSize64A
ord153
StrCatW
StrRetToBufW
ord158
StrToIntA

rasapi32

RasDeleteSubEntryW
RasFreeEapUserIdentityW
RasGetCustomAuthDataA
RasGetAutodialAddressA
RasConnectionNotificationW
RasSetEntryPropertiesW
RasGetEntryPropertiesA
RasEditPhonebookEntryA
RasCreatePhonebookEntryW

Exports

Exports

DVsNzBC3V
J2n5pD
OGFZmjLhsg5
ObDP0TU
ShbMwESm
ZmldoDmhRD
bNj5REUwzB
uijnsdvfbgsz
yXT9p3

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 564KB - Virtual size: 563KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
exhibitx32.tmp
.dll windows x64

Password: infected

103c68e32eac1fed7e905052eebb262b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

imm32

ImmGetGuideLineW
ImmSetCompositionFontW
ImmConfigureIMEW
ImmReleaseContext

gdi32

ExtTextOutW
GetEnhMetaFileBits
GetPolyFillMode
Escape
EnumFontFamiliesA
CreateDIBitmap
CreatePen
Ellipse
GetObjectW

usp10

ScriptBreak
ScriptCPtoX

shlwapi

StrCmpW
StrStrNIW
StrStrIW
StrCmpNW
StrDupW
StrFormatByteSizeA
StrIsIntlEqualW
StrRChrW

Exports

Exports

BdHdprP
IYTwLK
PfcQEA5S
QIKETNJkS9k
SBR1CJ9N
T0YH5DYUn
XLyDDVhR6KT
YxKopvJ
fF0kWcQjrT
hADmmIR
l9NlyBzKw
n2qN2CcAs
rtbeert
tpcLNTuJ46p
uijnsdvfbgsz
w2ykUZuCAL
yWP4rhIFn

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 564KB - Virtual size: 563KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
license.dat

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

d3fd32d986401f4163ffd9325d4d9abb

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

usp10

shlwapi

rasapi32

Exports

Exports

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 564KB - Virtual size: 563KB

Password: infected

103c68e32eac1fed7e905052eebb262b

Headers

DLL Characteristics

File Characteristics

Imports

imm32

gdi32

usp10

shlwapi

Exports

Exports

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 564KB - Virtual size: 563KB

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 564KB - Virtual size: 563KB

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 564KB - Virtual size: 563KB