VK example anketa zapolneniya COVID-19 pdf version[.]pdf[.]exe

Resubmissions

09/09/2022, 13:00

220909-p81x8acacq 1

09/09/2022, 12:57

220909-p7blyacack 1

Sharing

Copy URL Twitter E-mail

General

Target

VK example anketa zapolneniya COVID-19 pdf version.pdf.exe
Size

4.1MB
MD5

63f2866570d507803e7033ef7f11483f
SHA1

cb0b750513028704158e7129dede7b8c51c5a769
SHA256

2e551962c5d2641f8ff5e35156e7b2f1a02f6c0c29c4066692a7e14541f5ac93
SHA512

5ebd9b7fb845b6296347003c0983263c9332c2a315ade4d314c469a0b5530f794e94003b7d8ab18ba69e64bbdab73bc30529c818d742d2b705228b203579fe60
SSDEEP

49152:hnVwASOCGtlqiVb3fG/EXxcf1RzGO0EaTT4adHY8cFlDhMrywCuL9B6bnu+L8cF/:xBrQaT0wY4Cw6bHLw+y

Score

N/A

Malware Config

Signatures

Files

VK example anketa zapolneniya COVID-19 pdf version.pdf.exe
.exe windows x64

Password: ciaone

03704c4871d7b117ff0dff424630662b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

secur32

InitializeSecurityContextA
FreeContextBuffer
QuerySecurityPackageInfoA
FreeCredentialsHandle
DeleteSecurityContext
CompleteAuthToken
AcquireCredentialsHandleA

kernel32

PostQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ReleaseMutex
WaitForSingleObject
CreateMutexW
GetCurrentProcessId
TlsAlloc
TlsGetValue
TlsFree
VerSetConditionMask
CreateFileA
ReadFile
WriteFile
DuplicateHandle
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
SetEvent
SleepEx
CreateEventW
SetWaitableTimer
Sleep
WaitForMultipleObjects
QueueUserAPC
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
TerminateThread
TlsSetValue
CreateProcessA
GetLastError
HeapSize
CreateWaitableTimerA
CreateNamedPipeA
VerifyVersionInfoA
CreateJobObjectA
MultiByteToWideChar
FormatMessageA
LocalFree
AreFileApisANSI
WideCharToMultiByte
GetSystemTime
SystemTimeToFileTime
GetStdHandle
GetFileType
GetModuleHandleW
GetProcAddress
FindClose
FindNextFileW
RtlVirtualUnwind
QueryPerformanceCounter
GetTickCount
FreeLibrary
GlobalMemoryStatus
LoadLibraryW
LoadLibraryA
FlushConsoleInputBuffer
ExitProcess
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
CloseHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
AssignProcessToJobObject
GetProcessHeap
ReadConsoleInputW
WriteConsoleW
SetEndOfFile
TerminateJobObject
RtlUnwind
SetConsoleMode
GetFullPathNameW
GetCurrentDirectoryW
GetTimeZoneInformation
SetStdHandle
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapAlloc
HeapReAlloc
HeapFree
GetCommandLineW
GetCommandLineA
GetModuleFileNameW
GetConsoleCP
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
GetModuleHandleExW
FreeLibraryAndExitThread
GetDriveTypeW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
QueryPerformanceFrequency
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
WaitForSingleObjectEx
GetExitCodeThread
GetNativeSystemInfo
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
CompareStringEx
GetCPInfo
LCMapStringEx
GetLocaleInfoEx
GetStringTypeW
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlPcToFileHeader
RaiseException
RtlUnwindEx
LoadLibraryExW
SetConsoleCtrlHandler
CreateThread
ExitThread
CreateFileW

user32

GetUserObjectInformationW
MessageBoxW
GetProcessWindowStation

shell32

SHGetFolderPathA

advapi32

RegisterEventSourceW
DeregisterEventSource
ReportEventW

ws2_32

select
ntohs
ntohl
listen
htons
htonl
getsockopt
WSASend
shutdown
connect
closesocket
bind
accept
__WSAFDIsSet
WSACleanup
WSAStartup
WSASendTo
WSASocketW
setsockopt
WSASetLastError
WSAGetLastError
WSAIoctl
WSARecv
ioctlsocket
WSARecvFrom
getaddrinfo
freeaddrinfo
WSAStringToAddressW
recv
send
getsockname

mswsock

AcceptEx
GetAcceptExSockaddrs

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 710KB - Virtual size: 710KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 494KB - Virtual size: 518KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: ciaone

03704c4871d7b117ff0dff424630662b

Headers

DLL Characteristics

File Characteristics

Imports

secur32

kernel32

user32

shell32

advapi32

ws2_32

mswsock

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.rdata Size: 710KB - Virtual size: 710KB

.data Size: 494KB - Virtual size: 518KB

.pdata Size: 123KB - Virtual size: 123KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 69KB - Virtual size: 68KB

.reloc Size: 28KB - Virtual size: 27KB

.text
Size: 2.7MB - Virtual size: 2.7MB

.rdata
Size: 710KB - Virtual size: 710KB

.data
Size: 494KB - Virtual size: 518KB

.pdata
Size: 123KB - Virtual size: 123KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 69KB - Virtual size: 68KB

.reloc
Size: 28KB - Virtual size: 27KB