EP49[.]vhd | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

EP49.vhd
Size

2.0MB
MD5

4c17da021097205a5b812d39ef04ad0e
SHA1

127019c9ef422e50fc9c28f852843723a0a725bd
SHA256

2052b4ce077f8a5e26656c804ddd1887dacf0e9839986b100eca73196db46086
SHA512

b87c91196ebe5e94c6f153c19b7299d884f4c54eef88031c9d70a59c9c13cadd781ac62876159cb5d81b69703f5a5dfc440533d5670e77a42a9d6cc9e0f84eff
SSDEEP

6144:li1hK5FXCE+lDuLvguRzXGbMbmGFVR7N2DFx/kYWK4XDfAW2J//+777777Lw9oHn:shKC6Y0rh5O//E777777LwmqLzF3u

Score

N/A

Malware Config

Signatures

Files

EP49.vhd
.vhd
out.vhd
.vhd
ET.lnk
.lnk
System Volume Information/WPSettings.dat
fumigating/actuaries.cmd
.cmd .vbs
fumigating/erupt.tmp
.dll windows x64

a0a355e6b216f75721327145eb82bb0e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcessId
GetLastError
GetModuleHandleW
GetProcAddress
GetSystemTimeAsFileTime
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryW
MultiByteToWideChar
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

___lc_codepage_func
___mb_cur_max_func
__iob_func
_amsg_exit
_assert
_errno
_initterm
_lock
_unlock
abort
calloc
fputc
free
fwrite
getenv
localeconv
malloc
memcmp
memcpy
memmove
memset
realloc
strerror
strlen
strncmp
strtoul
vfprintf
wcslen

Exports

Exports

hML_DefaultCurrent
hML_ErrorString
hML_ExpatVersion
hML_ExpatVersionInfo
hML_ExternalEntityParserCreate
hML_FreeContentModel
hML_GetBase
hML_GetBuffer
hML_GetCurrentByteCount
hML_GetCurrentByteIndex
hML_GetCurrentColumnNumber
hML_GetCurrentLineNumber
hML_GetErrorCode
hML_GetFeatureList
hML_GetIdAttributeIndex
hML_GetInputContext
hML_GetParsingStatus
hML_GetSpecifiedAttributeCount
hML_MemFree
hML_MemMalloc
hML_MemRealloc
hML_Parse
hML_ParseBuffer
hML_ParserCreate
hML_ParserCreateNS
hML_ParserCreate_MM
hML_ParserFree
hML_ParserReset
hML_ResumeParser
hML_SetAttlistDeclHandler
hML_SetBase
hML_SetBillionLaughsAttackProtectionActivationThreshold
hML_SetBillionLaughsAttackProtectionMaximumAmplification
hML_SetCdataSectionHandler
hML_SetCharacterDataHandler
hML_SetCommentHandler
hML_SetDefaultHandler
hML_SetDefaultHandlerExpand
hML_SetDoctypeDeclHandler
hML_SetElementDeclHandler
hML_SetElementHandler
hML_SetEncoding
hML_SetEndCdataSectionHandler
hML_SetEndDoctypeDeclHandler
hML_SetEndElementHandler
hML_SetEndNamespaceDeclHandler
hML_SetEntityDeclHandler
hML_SetExternalEntityRefHandler
hML_SetExternalEntityRefHandlerArg
hML_SetHashSalt
hML_SetNamespaceDeclHandler
hML_SetNotStandaloneHandler
hML_SetNotationDeclHandler
hML_SetParamEntityParsing
hML_SetProcessingInstructionHandler
hML_SetReturnNSTriplet
hML_SetSkippedEntityHandler
hML_SetStartCdataSectionHandler
hML_SetStartDoctypeDeclHandler
hML_SetStartElementHandler
hML_SetStartNamespaceDeclHandler
hML_SetUnknownEncodingHandler
hML_SetUnparsedEntityDeclHandler
hML_SetUserData
hML_SetXmlDeclHandler
hML_StopParser
hML_UseForeignDTD
hML_UseParserAsHandlerArg
hmlGetUtf16InternalEncoding
hmlGetUtf16InternalEncodingNS
hmlGetUtf8InternalEncoding
hmlGetUtf8InternalEncodingNS
hmlInitEncoding
hmlInitEncodingNS
hmlInitUnknownEncoding
hmlInitUnknownEncodingNS
hmlParseXmlDecl
hmlParseXmlDeclNS
hmlPrologStateInit
hmlPrologStateInitExternalEntity
hmlSizeOfUnknownEncoding
hmlUtf16Encode
hmlUtf8Encode
hINTERNAL_trim_to_complete_utf8_characters
hestingAccountingGetCountBytesDirect
hestingAccountingGetCountBytesIndirect
init

Sections

.text
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fumigating/fossiliferous.txt
fumigating/helical.jpg
.jpg
fumigating/perplexity.cmd
.cmd .vbs

Sharing

General

Malware Config

Signatures

Files

a0a355e6b216f75721327145eb82bb0e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 143KB - Virtual size: 142KB

.data Size: 512B - Virtual size: 192B

.rdata Size: 36KB - Virtual size: 35KB

.pdata Size: 4KB - Virtual size: 4KB

.xdata Size: 4KB - Virtual size: 3KB

.bss Size: - Virtual size: 2KB

.edata Size: 3KB - Virtual size: 2KB

.idata Size: 2KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 12KB - Virtual size: 11KB

.reloc Size: 1024B - Virtual size: 752B

.text
Size: 143KB - Virtual size: 142KB

.data
Size: 512B - Virtual size: 192B

.rdata
Size: 36KB - Virtual size: 35KB

.pdata
Size: 4KB - Virtual size: 4KB

.xdata
Size: 4KB - Virtual size: 3KB

.bss
Size: - Virtual size: 2KB

.edata
Size: 3KB - Virtual size: 2KB

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 12KB - Virtual size: 11KB

.reloc
Size: 1024B - Virtual size: 752B