HJ3019[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

HJ3019.zip
Size

547KB
MD5

632d644e66e02a84a20dfe8c966419ab
SHA1

94a8e82f2f16d7ef70b5b93ca1d0caa1f79720a6
SHA256

d4252adbcbe732ab40a290e01d70924e2142e749b5c31770968274666fced4ef
SHA512

8a279e88d4e88d589437b46213d3bbf622d200549e671170b1ef4b8af71c4a8933a7aa9322de19958db38b52fc9c4b9e4b644dcb3ccd18ba2eb2e7196fd305ee
SSDEEP

12288:ZGI1WW1CxqRp73g9EWbZe/9gWp3JYMWNWXXIDf30hpBoceUo:ZGITjpTWamWdWMWoX4DAD+X

Score

N/A

Malware Config

Signatures

Files

HJ3019.zip
.zip

Password: BV1
HJ3019.iso
.iso

Password: BV1
HJ.lnk
.lnk
watched/bluffers.png
.png
watched/childish.gif
watched/colloquium.jpg
.jpg
watched/inane.txt
watched/leaves.dat
.dll regsvr32 windows x86

Password: BV1

0ee02506e28d6ab342866f0848f25556

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TryEnterCriticalSection
WaitNamedPipeA
CreateNamedPipeA
EnterCriticalSection
DeleteFiber
LockFile
LeaveCriticalSection
InitializeCriticalSection
GetCurrentDirectoryA
SwitchToFiber
CreateFileA
DeleteFileA
CloseHandle
GetProcAddress
DeleteCriticalSection
GetFileType
CreateFiber
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
WriteFile
GetLastError
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
SetStdHandle
IsDebuggerPresent
MultiByteToWideChar
SetLastError
SetFilePointerEx
WriteConsoleW
HeapAlloc
HeapFree
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
TlsGetValue
TlsSetValue
FreeLibrary
LoadLibraryExW
LCMapStringW
GetACP
IsValidCodePage
GetOEMCP
GetCPInfo
CreateFileW
GetStringTypeW
ExitProcess
GetModuleHandleExW
FlushFileBuffers
RtlUnwind

Exports

Exports

DllRegisterServer

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 221KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 120KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
watched/legality.png
.png
watched/notify.jpg
.jpg
watched/recovery.cmd
.cmd .vbs
watched/thronging.bat
.bat .vbs

Sharing

General

Malware Config

Signatures

Files

Password: BV1

Password: BV1

Password: BV1

0ee02506e28d6ab342866f0848f25556

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 71KB - Virtual size: 70KB

.rdata Size: 221KB - Virtual size: 220KB

.data Size: 120KB - Virtual size: 122KB

.gfids Size: 512B - Virtual size: 24B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 71KB - Virtual size: 70KB

.rdata
Size: 221KB - Virtual size: 220KB

.data
Size: 120KB - Virtual size: 122KB

.gfids
Size: 512B - Virtual size: 24B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 5KB - Virtual size: 5KB