ton[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ton.zip
Size

1.5MB
MD5

bf44100bd9147ebb369d682659186083
SHA1

2f41b3aefe7a6ade63b7bc134aa927f5b4db5a79
SHA256

f285ab6807eed1224cf6200b158770beeb87bf69a48c816a7b2029e6ddb1c19c
SHA512

bab8012528f06c1a1be5374ecb8ce5c7efcb966e060b2e7dc15809fd055c60d32b460485acacc1ea5ced02da279227c4be259d05492db3efbfb47b432c530526
SSDEEP

24576:hEDeWRrJxuzB9FBWvFepk29Zf18lzS2hh8MnHSEip8FVjtQrfqzRKaeKQgZG:hUtBuzBHpk29P8ltnSEipixQrfXoQCG

Score

N/A

Malware Config

Signatures

Files

ton.zip
.zip
ton/documents.lnk
.lnk
ton/ton/aerobraking.dat
.dll windows x64

8c7135d5af14c35536b780a7d9bf0878

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetCommandLineA
SetCurrentDirectoryA
CreateFileA
FindClose
FindFirstFileA
FindNextFileA
GetFileType
SetFileAttributesA
SetFileTime
CloseHandle
HeapAlloc
HeapFree
GetProcessHeap
ExitProcess
GetCurrentThreadId
GetModuleFileNameA
GetModuleHandleA
SwitchToFiber
CreateFiber
CreateNamedPipeA
WaitNamedPipeA
GetComputerNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
GetModuleHandleExW
WriteConsoleW
GetCurrentProcess
TerminateProcess
MultiByteToWideChar
WideCharToMultiByte
WriteFile
LCMapStringW
FindFirstFileExA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
HeapReAlloc
SetStdHandle
SetFilePointerEx
CreateFileW
RaiseException

Exports

Exports

CfS625T9f
HeNuB21N3
MiKvRo3xq
XqRsY25v
vcsfile

Sections

.text
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ton/ton/emperor.bat

Sharing

General

Malware Config

Signatures

Files

8c7135d5af14c35536b780a7d9bf0878

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 94KB - Virtual size: 93KB

.rdata Size: 1.6MB - Virtual size: 1.6MB

.data Size: 1.1MB - Virtual size: 1.1MB

.pdata Size: 4KB - Virtual size: 4KB

.gfids Size: 512B - Virtual size: 148B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 94KB - Virtual size: 93KB

.rdata
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 1.1MB - Virtual size: 1.1MB

.pdata
Size: 4KB - Virtual size: 4KB

.gfids
Size: 512B - Virtual size: 148B

.reloc
Size: 2KB - Virtual size: 1KB