Desktop[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Desktop.rar
Size

6.6MB
MD5

87ce2521f4f22834b925cfc801429b68
SHA1

79db789b130fb1470508d41ed60c2ce5ef03d8eb
SHA256

1a08c7f72a8320a875421596e1abe9bfa3723b81bb5badebd24cdd327bba4488
SHA512

01860a6563c9786234fe06a17c36d37fc4fd4f16de34bae506cd21ceccf1a5e1d90ac0dbb9ab5f48e1d448167b12f6ccfd58ca5ae8764d28c8e403209c180f4b
SSDEEP

98304:QAO0EN4V+EzQoWGp5Wg3YbnojX4ajfL9z7n9kcfVP9wwuQ+vSajkQMI:QAOaVpk1Gp5LYbo7T9nnSWsRvBn

Score

1^/10

Malware Config

Signatures

Files

Desktop.rar
.rar
Zeip.dll (1)
.dll windows x86

7c1bb61f880820bb799d74143c495a3b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

RpcBindingInqAuthClientW

ole32

CoCancelCall

user32

SetClipboardData
IsCharAlphaNumericW
GetSystemMetrics
HiliteMenuItem
IsChild
TrackPopupMenuEx
GetFocus
AttachThreadInput
InflateRect

kernel32

AddRefActCtx
FindVolumeClose
GetBinaryTypeA
GetUserDefaultLangID
WaitForSingleObjectEx
GetModuleFileNameA
GetSystemTimeAsFileTime

shlwapi

StrFormatByteSizeW

powrprof

ReadPwrScheme

ws2_32

select

msvcrt

islower
memset

advapi32

RegOverridePredefKey
CryptHashSessionKey
ImpersonateAnonymousToken

gdi32

DeleteObject

Sections

.text
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 360KB - Virtual size: 357KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Zeip.exe (1)
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 307.9MB - Virtual size: 307.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7c1bb61f880820bb799d74143c495a3b

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

ole32

user32

kernel32

shlwapi

powrprof

ws2_32

msvcrt

advapi32

gdi32

Sections

.text Size: 88KB - Virtual size: 84KB

.rdata Size: 360KB - Virtual size: 357KB

.data Size: 36KB - Virtual size: 46KB

.idata Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 16KB - Virtual size: 12KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 307.9MB - Virtual size: 307.9MB

.rsrc Size: 68KB - Virtual size: 67KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 88KB - Virtual size: 84KB

.rdata
Size: 360KB - Virtual size: 357KB

.data
Size: 36KB - Virtual size: 46KB

.idata
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 16KB - Virtual size: 12KB

.text
Size: 307.9MB - Virtual size: 307.9MB

.rsrc
Size: 68KB - Virtual size: 67KB

.reloc
Size: 512B - Virtual size: 12B