core[.]zip | Triage

Submit
Reports

Overview

overview

Static

static

borrow-64.dll

windows7_x64

borrow-64.dll

windows10-2004_x64

cmd.bat

windows7_x64

1

cmd.bat

windows10-2004_x64

1

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

borrow-64.dll

Resource

win7-20220414-en

icedid 310022019 banker core_loader trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

borrow-64.dll

Resource

win10v2004-20220414-en

icedid 310022019 banker core_loader trojan

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

cmd.bat

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral4

Sample

cmd.bat

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

General

Target

core.zip
Size

993KB
MD5

cd31428d755cff372cd86c0ed680cfea
SHA1

fd6c3eff3cb2c71400f11143c834d733442fb2a6
SHA256

cc8ccd77250ff580a83adfcf189f79f5fbff4bf337b7a85c42062c6a15a26204
SHA512

4389d7085e8447f3404d6157102081d9c65610371e0ee8f67ee9a2143bc2d030ba9d84784961918999d3673ec0e541e7b1f0d5ea6b4f7a3455a801967c911762
SSDEEP

24576:JB90JTqSr2q9TFA4GUazl/L2gaQZN2Ah4YUsU01aNNscJ:Obr2q9f

Score

N/A

Malware Config

Signatures

Files

core.zip
.zip

Password: infected
borrow-64.tmp
.dll windows x64

Password: infected

2c91875c1c28736dcf30808f4ab02fc8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

imm32

ImmGetGuideLineW
ImmGetCandidateWindow
ImmUnregisterWordA
ImmEnumRegisterWordA
ImmDestroyContext

usp10

ScriptApplyLogicalWidth
ScriptString_pcOutChars
ScriptString_pLogAttr
ScriptShapeOpenType
ScriptGetLogicalWidths

msvfw32

GetOpenFileNamePreviewW
DrawDibBegin
ICSeqCompressFrame
ICImageDecompress
ICImageCompress
ICGetDisplayFormat
ord2
ICRemove

rasapi32

RasCreatePhonebookEntryW
RasDialW
RasDialA
RasSetCustomAuthDataW

Exports

Exports

CT2EkYsw1q
EOt155SoK
IRlB9lxF
JM9iX3
NKLPBw
UrXfzdm
UwdeEu
eUCv6WT4hd
hasdnuhas
mEIFRbv
rGSDobEY
rqdYv5Whlv
vxkD0cUixE
yJmTmw8q

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 640KB - Virtual size: 639KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
cmd.bat
license.dat

© 2018-2024

Terms | Privacy