Malware[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Malware.zip
Size

101KB
MD5

aad0319319be0d94d220defdf6d8656d
SHA1

0a79a5233bf5b78337573b914cbd331a5d49ee8c
SHA256

912ca06182dd5737697533e13b5634d8ff3d98cec75470f57f75f0a932c068c4
SHA512

bbfaf891ad0f2c67d51ecf67c8dbad554b3be1847e66a280d0e54bcbff6dea1049b39bf9a1a21bbe3d3d1dfc0531c0a25be6253072b2d8ec580ab2f8d23457f3
SSDEEP

3072:Ud9m9S7xMY0/pq/555igIhfAvacObeeiatnfU:q49W5g0/JGhIvacgRtM

Score

N/A

Malware Config

Signatures

Files

Malware.zip
.zip
POV_Document_01-12.lnk
.lnk
oftplyfadm/easygoing.dat
.dll windows x64

3dbaf3e717e062fd9f0012e888f69f0f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

TerminateProcess
IsDebuggerPresent
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
DisableThreadLibraryCalls
TerminateProcess
IsDebuggerPresent
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
DisableThreadLibraryCalls

Exports

Exports

hNI_OnLoad
hava_com_sun_imageio_plugins_jpeg_JPEGImageReader_abortRead
hava_com_sun_imageio_plugins_jpeg_JPEGImageReader_clearNativeReadAbortFlag
hava_com_sun_imageio_plugins_jpeg_JPEGImageReader_disposeReader
hava_com_sun_imageio_plugins_jpeg_JPEGImageReader_initJPEGImageReader
hava_com_sun_imageio_plugins_jpeg_JPEGImageReader_initReaderIDs
hava_com_sun_imageio_plugins_jpeg_JPEGImageReader_readImage
hava_com_sun_imageio_plugins_jpeg_JPEGImageReader_readImageHeader
hava_com_sun_imageio_plugins_jpeg_JPEGImageReader_resetLibraryState
hava_com_sun_imageio_plugins_jpeg_JPEGImageReader_resetReader
hava_com_sun_imageio_plugins_jpeg_JPEGImageReader_setOutColorSpace
hava_com_sun_imageio_plugins_jpeg_JPEGImageReader_setSource
hava_com_sun_imageio_plugins_jpeg_JPEGImageWriter_abortWrite
hava_com_sun_imageio_plugins_jpeg_JPEGImageWriter_disposeWriter
hava_com_sun_imageio_plugins_jpeg_JPEGImageWriter_initJPEGImageWriter
hava_com_sun_imageio_plugins_jpeg_JPEGImageWriter_initWriterIDs
hava_com_sun_imageio_plugins_jpeg_JPEGImageWriter_resetWriter
hava_com_sun_imageio_plugins_jpeg_JPEGImageWriter_setDest
hava_com_sun_imageio_plugins_jpeg_JPEGImageWriter_writeImage
hava_com_sun_imageio_plugins_jpeg_JPEGImageWriter_writeTables
hava_sun_awt_image_JPEGImageDecoder_initIDs
init

Sections

.text
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
oftplyfadm/redtorpaph.cmd

Sharing

General

Malware Config

Signatures

Files

3dbaf3e717e062fd9f0012e888f69f0f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 131KB - Virtual size: 130KB

.rdata Size: 23KB - Virtual size: 23KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 7KB - Virtual size: 6KB

.rsrc Size: 16KB - Virtual size: 13KB

.reloc Size: 512B - Virtual size: 300B

.text
Size: 131KB - Virtual size: 130KB

.rdata
Size: 23KB - Virtual size: 23KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 16KB - Virtual size: 13KB

.reloc
Size: 512B - Virtual size: 300B