core[.]zip | Triage

Submit
Reports

Overview

overview

Static

static

cmd.bat

windows7-x64

1

cmd.bat

windows10-2004-x64

1

emotion_x64.dll

windows7-x64

emotion_x64.dll

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

cmd.bat

Resource

win7-20220901-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

cmd.bat

Resource

win10v2004-20220812-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral3

Sample

emotion_x64.dll

Resource

win7-20220812-en

icedid 2603480109 banker core_loader trojan

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral4

Sample

emotion_x64.dll

Resource

win10v2004-20220812-en

icedid 2603480109 banker core_loader trojan

windows10-2004-x64

1 signatures

150 seconds

General

Target

core.zip
Size

1017KB
MD5

188084be0beeb33a277c37edaf72a7b5
SHA1

b4a84d3d980fd9fbb1e77f3f75e1fcd1c5b19718
SHA256

07bd40bece65fd872a2f5cf9e03a9c8182177f6c4925d98f979af1f90f387f77
SHA512

fc9a97ffdda6479cc51a56f1724026736792d7d4069c5b17a01a4865b95cf3d70a9d877abc315512e5443c3cef6931c5a452aae697f703bd563701bd9981112d
SSDEEP

12288:nStp0lxwwwZwgTwww4wswGLJgVwDX7dJwexuIChn1C+wd3NwyMPrdFLfxI3dvJ7k:GO+b7HaobdHPy8WV

Score

N/A

Malware Config

Signatures

Files

core.zip
.zip

Password: infected
cmd.bat
emotion_x64.tmp
.dll windows x64

Password: infected

8cb1be5311553e6398bbc85601742447

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CloseHandle
WaitForSingleObject
CreateEventW
VirtualAlloc
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
FillConsoleOutputCharacterA
FillConsoleOutputAttribute
SetConsoleOutputCP
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
SetConsoleTextAttribute
SetConsoleWindowInfo
ScrollConsoleScreenBufferA
SetConsoleTitleA

shlwapi

StrCmpNA
StrChrNW
StrChrA
StrRChrA

rasapi32

RasEnumAutodialAddressesA
RasGetAutodialAddressW
RasEnumEntriesA
RasInvokeEapUI

Exports

Exports

JbabJWpMVUj
KdTDUGVqEHf
NZibrGxYMyuXdh
QUJskSdrCPAg
QgSPjXUYMyCdzL
SrKuaPJFNMJtYoup
atBKBEteGVeMIKko
dqSPMOyuKjiOUiE
hoFUiUrRobm
keDKOMTSEHfJrBG
pQzEHghSvhDpRuB
poisahydgabshnduhaysjjsjdkas
sXSUrbFUakS
xnBHEiYrSPSaoUc

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 634KB - Virtual size: 634KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
license.dat

© 2018-2025

Terms | Privacy