855f411bd0667b650c4f2fd3c9fbb4fa9209cf40b0d655fa9304dcdd956e0808[.]7z

Resubmissions

04/03/2023, 14:18

230304-rmda5sec25 8

02/03/2023, 16:13

230302-tn393adc4w 8

Sharing

Copy URL Twitter E-mail

General

Target

855f411bd0667b650c4f2fd3c9fbb4fa9209cf40b0d655fa9304dcdd956e0808.7z
Size

194KB
MD5

a428a95df4443c8a22282087332ef174
SHA1

1a19b2e16a85dd026366143272f44e905b0bfd97
SHA256

72441ac6e332aa3e9d1368d5e33d0402db228dc17dc54b784f649601de43801a
SHA512

00f67824426a341635a16ca8bb561f8811f4b8ba93efddb2a538ef453ed581f25e8030631b0a71e3a1d95ba7e6082e1eca8e18d68270880df805b31b89bd4977
SSDEEP

3072:HVmaU+NdPPiS9NqcjAcdn88/oOOzr3o45RxF+kU+yPYcvVBNtxkXhYwMUdp741L:HVO+3ig8Wd88/kDo45kkaN93rTx4R4B

Score

1^/10

Malware Config

Signatures

Files

855f411bd0667b650c4f2fd3c9fbb4fa9209cf40b0d655fa9304dcdd956e0808.7z
.7z

Password: l1{ws}gbCe9F'xh$C5lxYHr=q[[%(A'84W5.&)DD;y8rROiF[;
855f411bd0667b650c4f2fd3c9fbb4fa9209cf40b0d655fa9304dcdd956e0808.exe
.exe windows x64

Password: l1{ws}gbCe9F'xh$C5lxYHr=q[[%(A'84W5.&)DD;y8rROiF[;

ff3a3d931c8b944178e33a9163f3960f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

OpenSCManagerW
CreateServiceW
RegDeleteKeyW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
SystemFunction036

kernel32

CloseHandle
GlobalAlloc
GlobalFree
CreateFileW
GetLastError
DeviceIoControl
GetProcessHeap
HeapAlloc
GetDriveTypeW
FindFirstVolumeW
GetVolumePathNamesForVolumeNameW
SetVolumeMountPointW
FindNextVolumeW
FindVolumeClose
HeapFree
GetUserDefaultUILanguage
FormatMessageW
LocalFree
lstrlenW
WriteFile
SetFilePointerEx
ReadFile
FindNextFileW
FindClose
GetCommandLineW
GetCurrentDirectoryW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetFileAttributesW
GetStartupInfoW
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetSystemInfo
MultiByteToWideChar
QueryPerformanceCounter
SetLastError
Sleep
WideCharToMultiByte
GetModuleFileNameW
FreeLibrary
FindFirstFileW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseMutex
ReleaseSRWLockShared
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetCurrentThread
GetCurrentProcess
RtlCaptureContext
GetProcAddress
RtlLookupFunctionEntry
GetEnvironmentVariableW
SetEnvironmentVariableW
FlushFileBuffers
DuplicateHandle
GetStdHandle
GetCurrentProcessId
WriteFileEx
SleepEx
WaitForSingleObject
GetExitCodeProcess
TerminateProcess
WaitForMultipleObjects
GetOverlappedResult
TryAcquireSRWLockExclusive
TlsAlloc
HeapReAlloc
AcquireSRWLockShared
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetFileInformationByHandle
MoveFileExW
CreateEventW
CancelIo
GetModuleHandleW
ExitProcess
GetFullPathNameW
CreateNamedPipeW
ReadFileEx
GetWindowsDirectoryW
CreateProcessW
CreateThread
TlsGetValue
TlsSetValue
GetModuleHandleA
GetConsoleMode
WriteConsoleW
GetConsoleOutputCP
HeapSize
LCMapStringW
CompareStringW
GetStringTypeW
GetFileType
SetStdHandle
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetCommandLineA
GetModuleHandleExW
LoadLibraryExW
TlsFree
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
RaiseException
RtlPcToFileHeader
RtlUnwindEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
GetCurrentThreadId
InitializeSListHead
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter

mpr

WNetOpenEnumW
WNetCloseEnum
WNetEnumResourceW

bcrypt

BCryptGenRandom

Sections

.text
Size: 322KB - Virtual size: 321KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: l1{ws}gbCe9F'xh$C5lxYHr=q[[%(A'84W5.&)DD;y8rROiF[;

Password: l1{ws}gbCe9F'xh$C5lxYHr=q[[%(A'84W5.&)DD;y8rROiF[;

ff3a3d931c8b944178e33a9163f3960f

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

mpr

bcrypt

Sections

.text Size: 322KB - Virtual size: 321KB

.rdata Size: 160KB - Virtual size: 159KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 16KB - Virtual size: 15KB

_RDATA Size: 512B - Virtual size: 244B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 322KB - Virtual size: 321KB

.rdata
Size: 160KB - Virtual size: 159KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 16KB - Virtual size: 15KB

_RDATA
Size: 512B - Virtual size: 244B

.reloc
Size: 3KB - Virtual size: 3KB