General
-
Target
Tax Payment Confirmation.exe
-
Size
617KB
-
MD5
c0a1d1c4a45f6ad67cb49b1acd3da645
-
SHA1
f64f3f61c2a61a237860c9f5d318260bfc3e593d
-
SHA256
2e8b312bc19a37110acae931bbd678821927025f0e09bbbc954aad79b1240777
-
SHA512
ac96ae7f044909f90ef1a903267ebb347dcc0dce9911592bf3510401a31a7d38f81e1a56ddd0d4e2ee59ccb2b3a63b3cd2e08cb6ef5722f41a6e952c57bbb063
-
SSDEEP
12288:F2AjcRQn03vF46A9jmP/uhu/yMS08CkntxYRZ6L:F/QRQbfmP/UDMS08Ckn3S0
Malware Config
Extracted
kutaki
http://newbosslink.xyz/baba/new4.php
Signatures
-
Kutaki family
Files
-
Tax Payment Confirmation.exe.exe windows x86
8f7cce2b64e9230bf385963548b4597c
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
ord690
ord696
ord698
MethCallEngine
ord621
ord516
ord518
ord626
ord519
ord660
ord666
ord667
ord591
ord593
ord594
ord595
ord596
ord598
ord520
ord631
ord525
ord632
ord526
EVENT_SINK_AddRef
ord528
ord529
ord561
DllFunctionCall
ord563
ord670
ord564
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord606
ord713
ord714
ord607
ord608
ord717
ProcCallEngine
ord644
ord537
ord645
ord648
ord570
ord571
ord573
ord681
ord576
ord578
ord685
ord100
ord689
ord616
ord617
ord618
ord619
ord650
ord543
ord544
ord547
ord581
Sections
.text Size: 324KB - Virtual size: 321KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 288KB - Virtual size: 285KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ