Extracted

• SPSQL_2023-01-12_15_48_15.zip

  .zip

  Password: Malware123!!

• Device/HarddiskVolume2/Windows/Temp/fzDJKHES.exe

  .exe windows x86

  Password: Malware123!!

  481f47bbb2c9c21e108d65f52b04c448

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  msvcrt

  _iob

  _except_handler3

  __set_app_type

  __p__fmode

  __p__commode

  _adjust_fdiv

  __setusermatherr

  _initterm

  __getmainargs

  __p___initenv

  _XcptFilter

  _exit

  _onexit

  __dllonexit

  strrchr

  wcsncmp

  _close

  wcslen

  wcscpy

  strerror

  modf

  strspn

  realloc

  __p__environ

  __p__wenviron

  _errno

  free

  strncmp

  strstr

  strncpy

  _ftol

  qsort

  fopen

  perror

  fclose

  fflush

  calloc

  malloc

  signal

  printf

  _isctype

  atoi

  exit

  __mb_cur_max

  _pctype

  strchr

  fprintf

  _controlfp

  _strdup

  _strnicmp

  kernel32

  PeekNamedPipe

  ReadFile

  WriteFile

  LoadLibraryA

  GetProcAddress

  GetVersionExA

  GetExitCodeProcess

  TerminateProcess

  LeaveCriticalSection

  SetEvent

  ReleaseMutex

  EnterCriticalSection

  DeleteCriticalSection

  InitializeCriticalSection

  CreateMutexA

  GetFileType

  SetLastError

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GlobalFree

  GetCommandLineW

  TlsAlloc

  TlsFree

  DuplicateHandle

  GetCurrentProcess

  SetHandleInformation

  CloseHandle

  GetSystemTimeAsFileTime

  FileTimeToSystemTime

  GetTimeZoneInformation

  FileTimeToLocalFileTime

  SystemTimeToFileTime

  SystemTimeToTzSpecificLocalTime

  Sleep

  FormatMessageA

  GetLastError

  WaitForSingleObject

  CreateEventA

  SetStdHandle

  SetFilePointer

  CreateFileA

  CreateFileW

  GetOverlappedResult

  DeviceIoControl

  GetFileInformationByHandle

  LocalFree

  advapi32

  FreeSid

  AllocateAndInitializeSid

  wsock32

  getsockopt

  connect

  htons

  gethostbyname

  ntohl

  inet_ntoa

  setsockopt

  socket

  closesocket

  select

  ioctlsocket

  __WSAFDIsSet

  WSAStartup

  WSACleanup

  WSAGetLastError

  ws2_32

  WSARecv

  WSASend

  Sections

  .text

  Size: 44KB - Virtual size: 42KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 4KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 16KB - Virtual size: 28KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 4KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• manifest.json