Desktop[.]rar | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Desktop.rar
Size

888KB
MD5

aa38ce76b39887b3f453bc682f0bb839
SHA1

74f1643cb1151756fb7d496e8d29745fb0a7b4d1
SHA256

b6fa6c6eda847b0886239c298632deca91411bebd2a05dde31f0a373a8558154
SHA512

7d2a3645418678c521b22115d27718c24cc765be49aec1ba066c512ecd4fb41582abefe1d0a4eee7a5f8819c8591342ba5bba72a13c102974f2b7b24720c94bb
SSDEEP

24576:ELMUHmPL/NopUdBd8n8/DNKuqVTygDfyqrIY:8G7NQA5hKuqDBr7

Score

1^/10

Malware Config

Signatures

Files

Desktop.rar
.rar
Desktop/2f0812f7f7905937a82c3a755c40becf63e0d6ed39f212ac931774dfdf338d53.exe
.exe windows x86

ebf1753daf387af13fcdb36b176f1670

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
CloseHandle
LoadLibraryA
HeapAlloc
GetProcessHeap
lstrcmpiW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreateEventW
GetModuleHandleW
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
RaiseException
GetLastError
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
WriteConsoleW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetFileType
HeapFree
MultiByteToWideChar
CompareStringW
LCMapStringW
DeleteFileW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
FlushFileBuffers
GetConsoleOutputCP
CreateFileW
HeapSize
HeapReAlloc
SetEndOfFile
DecodePointer

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 264KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Desktop/50135b3cd8e475e98d6e1c9886bb8cd10f400096dfc840f174fc4545fb0a3b92.exe
.exe windows x86

40f389cd89deac0771134a6688b7ea0f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
CreateFileA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
RaiseException
GetConsoleMode
GetConsoleCP
SetFilePointer
SetEnvironmentVariableA
CompareStringW
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapValidate
IsBadReadPtr
GetLastError
GetFileAttributesA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleHandleW
Sleep
InterlockedIncrement
InterlockedDecrement
GetProcAddress
ExitProcess
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapDestroy
HeapCreate
HeapFree
VirtualFree
GetModuleFileNameA
WriteFile
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
LoadLibraryW
WideCharToMultiByte
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
CompareStringA
FlushFileBuffers

user32

MessageBoxW

Sections

.text
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Desktop/bbbd5d0aef3c2cfa296cee376dea6d7eb777a9c12140aed1a7c2c8d6ecda1e26.exe
.exe .vbs windows x64
Desktop/ed902b16d454afd9d3a972e0dbe5d46e5f5b0da01e5e763069f149f07cbaf274.exe
.exe windows x64

9cbefe68f395e67356e2a5d8d1b285c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
PostQueuedCompletionStatus
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 419KB - Virtual size: 418KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 458KB - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 77KB - Virtual size: 436KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 295B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/32
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/46
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/65
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/78
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Desktop/ffd5738de2af368a497d3a2020bb51ed380b00f3eb4abefa835c362ec7df8bc8.exe
.exe windows x64

c574d30dae10e97c5716c4986279c203

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

IsDebuggerPresent
InitializeSListHead
GetModuleHandleW
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
RtlLookupFunctionEntry
GetSystemTimeAsFileTime
GlobalAlloc
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess

ws2_32

WSACleanup
closesocket
WSAStartup
inet_addr
send
socket
htons
connect

iphlpapi

GetNetworkParams
GetAdaptersInfo

vcruntime140

__std_exception_copy
memset
__current_exception_context
__current_exception
_CxxThrowException
__std_exception_destroy
__C_specific_handler
memcpy

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__stdio_common_vfprintf
__p__commode
_set_fmode
__acrt_iob_func

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh
_set_new_mode

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_c_exit
_register_thread_local_exe_atexit_callback
terminate
_cexit
_exit
__p___argv
exit
_set_app_type
_seh_filter_exe
_crt_atexit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_register_onexit_function
_configure_narrow_argv
__p___argc

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ebf1753daf387af13fcdb36b176f1670

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 76KB - Virtual size: 76KB

.rdata Size: 26KB - Virtual size: 25KB

.data Size: 264KB - Virtual size: 266KB

.reloc Size: 5KB - Virtual size: 4KB

40f389cd89deac0771134a6688b7ea0f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 118KB - Virtual size: 117KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 48KB - Virtual size: 48KB

.reloc Size: 13KB - Virtual size: 13KB

9cbefe68f395e67356e2a5d8d1b285c0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 419KB - Virtual size: 418KB

.rdata Size: 458KB - Virtual size: 458KB

.data Size: 77KB - Virtual size: 436KB

/4 Size: 512B - Virtual size: 295B

/19 Size: 86KB - Virtual size: 85KB

/32 Size: 17KB - Virtual size: 16KB

/46 Size: 512B - Virtual size: 24B

/65 Size: 164KB - Virtual size: 163KB

/78 Size: 81KB - Virtual size: 81KB

/90 Size: 27KB - Virtual size: 27KB

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 7KB

.symtab Size: 74KB - Virtual size: 73KB

c574d30dae10e97c5716c4986279c203

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

iphlpapi

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 552B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 88B

.text
Size: 76KB - Virtual size: 76KB

.rdata
Size: 26KB - Virtual size: 25KB

.data
Size: 264KB - Virtual size: 266KB

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 118KB - Virtual size: 117KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 48KB - Virtual size: 48KB

.reloc
Size: 13KB - Virtual size: 13KB

.text
Size: 419KB - Virtual size: 418KB

.rdata
Size: 458KB - Virtual size: 458KB

.data
Size: 77KB - Virtual size: 436KB

/4
Size: 512B - Virtual size: 295B

/19
Size: 86KB - Virtual size: 85KB

/32
Size: 17KB - Virtual size: 16KB

/46
Size: 512B - Virtual size: 24B

/65
Size: 164KB - Virtual size: 163KB

/78
Size: 81KB - Virtual size: 81KB

/90
Size: 27KB - Virtual size: 27KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB

.symtab
Size: 74KB - Virtual size: 73KB

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 552B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 88B