Static task: static1
Behavioral task: behavioral1
  Sample: Vse dokumenty za noyabr'.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: Vse dokumenty za noyabr'.exe
  Resource: win10v2004-20230220-en
General
Target: 201211-h29rnhf5b2_pw_infected.zip
Size: 83KB
MD5: 7fd478900d93a8b5332f754eeb0dd70d
SHA1: da2a47b18a912bdf66e2a0ac895821c7b559ebe8
SHA256: 37719c97da4c393a43344ba5d9023c331a4724ca52b02e13463adc96b38ef973
SHA512: b5c4e1b7ec6317b0a988694d873398ba8cc6543efe8cf3f4e4ed1178ca930823086ee1be5ee00dddf869dcebcb7cc1f338fcf93ef3f8e9d068169ff487c7047a
SSDEEP: 1536:2G99TypcYkp0ypuoCu2c8HuY4zFug5r7ky180ReHopO65Zcu9uCIuE:2G99TyOBZp6u2cQizFB5vkyhReH0zcue
Malware Config
Signatures
Files
- 201211-h29rnhf5b2_pw_infected.zip.zip (Password: infected)
- Vse dokumenty za noyabr'.exe.exe, windows x86 (Password: infected) 1fb8694e8f60cb758ea65c0022d751d6
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetLastError
GetModuleHandleW
VirtualAlloc
user32
CloseWindowStation
PaintDesktop
IsWindow
IsCharUpperA
GetKeyboardType
GetOpenClipboardWindow
VkKeyScanA
DrawMenuBar
WindowFromDC
CharLowerW
IsWindowUnicode
IsCharUpperW
CloseClipboard
EndMenu
ReleaseCapture
GetMenuItemCount
GetLastActivePopup
DestroyMenu
IsWindowVisible
GetSystemMetrics
IsCharAlphaNumericW
GetDesktopWindow
GetCursor
GetQueueStatus
GetDoubleClickTime
GetClipboardViewer
GetShellWindow
GetClipboardSequenceNumber
CreateMenu
InSendMessage
CreatePopupMenu
GetMessagePos
GetForegroundWindow
GetClipboardOwner
DestroyCursor
OpenIcon
GetCaretBlinkTime
IsGUIThread
GetDialogBaseUnits
LoadCursorFromFileA
LoadIconW
DialogBoxParamA
MapWindowPoints
MessageBoxIndirectW
UnregisterClassW
ShowCursor
GetDlgItemTextW
ShowWindow
CountClipboardFormats
MessageBoxA
ModifyMenuW
GetPropW
DefMDIChildProcA
CreateIconIndirect
DispatchMessageA
SendMessageA
WaitMessage
ValidateRgn
DrawCaption
FlashWindowEx
gdi32
CreateMetaFileW
GetEnhMetaFileA
GetEnhMetaFileBits
GetStockObject
AddFontResourceW
WidenPath
GetGraphicsMode
CreateHalftonePalette
CreateSolidBrush
DeleteObject
UnrealizeObject
SetMetaRgn
SwapBuffers
GetEnhMetaFileW
FillPath
GetColorSpace
DeleteDC
GdiFlush
GetMapMode
CreateMetaFileA
GetPolyFillMode
CloseFigure
EndPath
PathToRegion
StrokePath
DeleteMetaFile
GetTextColor
CreateCompatibleDC
GetBkMode
GetObjectType
GdiGetBatchLimit
GetPixelFormat
Pie
GetICMProfileA
StartFormPage
GdiConvertDC
DPtoLP
EngLoadModule
RealizePalette
GetDCPenColor
GetObjectA
GetPaletteEntries
GetMetaFileA
STROBJ_bEnum
PolyTextOutA
GetFontAssocStatus
GdiRealizationInfo
Polyline
AngleArc
GetTextMetricsA
DeleteColorSpace
CombineRgn
Polygon
CreateFontIndirectA
GdiGetDC
SelectBrushLocal
GetDeviceGammaRamp
GetTextCharacterExtra
GdiGetPageHandle
GetTextMetricsW
CreateICA
CopyMetaFileA
GetBkColor
GdiConvertRegion
PtVisible
GdiConvertToDevmodeW
GetWinMetaFileBits
AddFontResourceExW
CreatePalette
CreateRoundRectRgn
GdiEntry9
BRUSHOBJ_pvAllocRbrush
GdiConsoleTextOut
BRUSHOBJ_pvGetRbrush
BRUSHOBJ_ulGetBrushColor
EnumFontFamiliesExA
GetTextAlign
SetTextAlign
Escape
SetAbortProc
StartDocA
EndDoc
CreateDCA
StartPage
EndPage
GetSystemPaletteEntries
CreatePen
IntersectClipRect
SetBrushOrgEx
CreatePatternBrush
GetTextExtentPoint32A
CreateFontA
CreateRectRgn
SetRectRgn
InvertRgn
PatBlt
ExtTextOutA
GetTextExtentPointW
GetTextExtentPointA
SetBkMode
TextOutW
TextOutA
GetTextCharset
MoveToEx
LineTo
Rectangle
SetPixel
CreateCompatibleBitmap
GetTextFaceA
SetROP2
TranslateCharsetInfo
GetNearestColor
SelectObject
SetTextColor
SetBkColor
SetViewportOrgEx
SetWindowExtEx
SetViewportExtEx
PlayMetaFile
CreateDiscardableBitmap
BitBlt
SetStretchBltMode
StretchBlt
GetDeviceCaps
SaveDC
SetMapMode
SetWindowOrgEx
LPtoDP
RestoreDC
SetMetaFileBitsEx
CreateBitmap
SetDIBits
CreateDIBitmap
SelectPalette
advapi32
RegOpenKeyA
RegQueryValueExA
shell32
SHGetMalloc
SHGetFolderPathW
SHGetFileInfoA
SHBrowseForFolderW
SHIsFileAvailableOffline
CommandLineToArgvW
SHBrowseForFolderA
SHGetSpecialFolderPathW
DragQueryFileAorW
DragFinish
WOWShellExecute
ExtractIconExA
SHGetDataFromIDListW
SHGetIconOverlayIndexA
ShellAboutA
SHEmptyRecycleBinA
SHInvokePrinterCommandA
SHGetFolderPathA
SHGetSpecialFolderPathA
shlwapi
StrCmpNW
StrStrIW
Sections
.text Size: 102KB - Virtual size: 101KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 72KB - Virtual size: 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 92KB - Virtual size: 91KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ