z3b26I5Szbuh2q-cpreTYeAHUblpAf_ZxV60AMWXKvI[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

z3b26I5Szbuh2q-cpreTYeAHUblpAf_ZxV60AMWXKvI.bin
Size

222KB
MD5

22f433881ccfe3dc90a764e2688970cc
SHA1

a8b85cce2c76191a33a09ee4051fa1359473b521
SHA256

cf76f6e88e52cdbba1daafdca6b79361e00751b96901ff99c55eb400c5972af2
SHA512

07dee8592a1d7b6022ff91bf87ce7252f6e5a3c319b6feb3d1886b989766f7e16887ae75f4d34fa1f65ffe4a7e0ee83429e706821dfda82ed2f3bea97deff58b
SSDEEP

6144:0HlGQRlixyXtKFM2hb7+zuIoucOXkCye2BmnejAF:IlRliAfCbazuIouJXkCmgne6

Score

N/A

Malware Config

Signatures

Files

z3b26I5Szbuh2q-cpreTYeAHUblpAf_ZxV60AMWXKvI.bin
.zip

Password: L875
LP#1584.iso
.iso .vbs

Password: L875
LPS.lnk
.lnk
cagily/epidemic.cmd
.cmd .vbs
cagily/whorl.dat
.dll regsvr32 windows x86

Password: L875

1d27833b4c581bf57ce155db88857e8b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
ConnectNamedPipe
DisconnectNamedPipe
HeapCreate
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
ExitProcess
CreateThread
SuspendThread
ResumeThread
VirtualAlloc
GetProcAddress
SwitchToFiber
CreateFiber
LoadLibraryA
CreateNamedPipeA
WaitNamedPipeA
CreateActCtxA
ActivateActCtx
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
InterlockedFlushSList
RtlUnwind
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CloseHandle
WriteConsoleW
DecodePointer
CreateFileW
RaiseException

Exports

Exports

DllInstall
DllRegisterServer
LvIz084rd2
PkpKbV7
RsI7100rs
VVNdyK

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: L875

Password: L875

Password: L875

1d27833b4c581bf57ce155db88857e8b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 89KB - Virtual size: 89KB

.rdata Size: 146KB - Virtual size: 145KB

.data Size: 78KB - Virtual size: 80KB

.gfids Size: 512B - Virtual size: 160B

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 89KB - Virtual size: 89KB

.rdata
Size: 146KB - Virtual size: 145KB

.data
Size: 78KB - Virtual size: 80KB

.gfids
Size: 512B - Virtual size: 160B

.reloc
Size: 6KB - Virtual size: 5KB