DllUnregisterServer
DrawThemeIcon
aldhafara
breastheight
marmorean
soniou
vag
Static task
static1
General
-
Target
OE72.vhd
-
Size
2.0MB
-
MD5
0173f7ac4558295faa5517b947f40fce
-
SHA1
893d904e481740f647685432e8063e511079a8c0
-
SHA256
3e7c7f040945f48a7e925612ba32eb1986778a88b66f4630e70dfead5491ef6b
-
SHA512
4db8db48bb6c40a650ae0aa34231839d67d1f5d2628634c6a344b4671db7ffd97084e8a7ccaf00872d4f8bf3f438bf8215ef84bf4b021405f269a8e38cf51d3c
-
SSDEEP
6144:MRNlDvXKlDdXaWDAbun+XaplDTlDJKXplD13DpBbilDShrxE9vbMKBWrQXhjXNkL:aBV6Wrg9NqGcUKalSYu5tjz5niH9k
Score
N/A
Malware Config
Signatures
Files
-
OE72.vhd.vhd
-
out.vhd.vhd
-
HG.lnk.lnk
-
System Volume Information/WPSettings.dat
-
triflingly/fishy.txt
-
triflingly/pelvic.tmp.dll windows x86
8d2e819861401cc6d4a6194def9ab07c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
WaitForSingleObjectEx
CreateThread
ExitThread
GetTickCount64
VirtualAllocEx
GetCommandLineA
GetFileAttributesA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetModuleHandleA
GetModuleHandleW
lstrcmpA
lstrcmpiA
lstrlenA
CloseHandle
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
SetStdHandle
HeapReAlloc
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
RaiseException
RtlUnwind
InterlockedFlushSList
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
MultiByteToWideChar
LCMapStringW
MoveFileExW
DecodePointer
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineW
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
WriteConsoleW
user32
DialogBoxParamA
SendMessageA
FindWindowA
EndDialog
shlwapi
PathFindOnPathA
PathGetDriveNumberA
PathFileExistsA
ord155
PathFindExtensionA
PathFindSuffixArrayA
Exports
Exports
Sections
.text Size: 151KB - Virtual size: 150KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 217KB - Virtual size: 216KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 286KB - Virtual size: 285KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
triflingly/perks.cmd.cmd .vbs
-
triflingly/zoological.cmd.cmd .vbs