5[.]rar | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

5.rar
Size

356KB
MD5

4189274528054c6f9c88e738de8ae977
SHA1

67cd7b7a50a5a599022b2ceac3bfd51f37bcfcde
SHA256

9bc00abf2471492c02cf87d2a4a9dad3fb6b438c0754c40f144d443af3f1ea6e
SHA512

f19517b02dad9b4275f8a01beb8e0e1f6ceceeaca3b125df7e2ae70ff57290ca849569e3b8d1598c561ae17869a733e8feeb850704bb4978a3e998f034f7b107
SSDEEP

6144:d9/1S9/mGX50ehtqosK13BtSoUsfXR3MfGQNC/QvQYhZAKDNeIxXcXEjInrkZicq:d9/g9/N575RPJUaXRYGQ0/QIcZAGNeIe

Score

1^/10

Malware Config

Signatures

Files

5.rar
.rar
000000000/d0c95cfef2e6c85abb28ee971216b3bf.ps1
1/287b172c23da5426cf039ef55d959fbd.js
.js
1/3c57867dc4bdeb8a7d55dfb7d8ef5008.js
.js
1/922b1d765a3f88f8b0fb8ee3f71f3023.js
.js
1/b19781010225032c77834156cb1eb466.exe
.exe windows x86

d8198181272108e3fcb7fb9bfa473360

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FileTimeToLocalFileTime
FindClose
SetEnvironmentVariableA
CompareStringW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
GetProcessHeap
GetStringTypeW
GetStringTypeA
GetDriveTypeA
HeapReAlloc
HeapSize
HeapAlloc
VirtualFree
HeapFree
HeapCreate
HeapDestroy
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
QueryPerformanceCounter
LCMapStringW
LCMapStringA
InitializeCriticalSectionAndSpinCount
IsValidCodePage
GetACP
LoadLibraryW
OutputDebugStringW
GetFileType
WriteConsoleW
OutputDebugStringA
GetStdHandle
DebugBreak
VirtualQuery
GetSystemInfo
VirtualAlloc
IsBadReadPtr
HeapValidate
GetStartupInfoA
GetCommandLineA
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
ExitProcess
GetSystemTimeAsFileTime
RtlUnwind
GetFileSizeEx
GetFileTime
GetOEMCP
GetCPInfo
GetModuleHandleW
GetShortPathNameA
GetThreadLocale
GetFullPathNameA
GetVolumeInformationA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetCurrentProcess
DuplicateHandle
VirtualProtect
GetAtomNameA
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
GlobalFlags
SetErrorMode
WritePrivateProfileStringA
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
lstrcmpW
GlobalGetAtomNameA
GlobalFindAtomA
GetVersionExA
MultiByteToWideChar
MulDiv
FormatMessageA
LocalFree
GlobalUnlock
GlobalFree
FreeResource
GetCurrentProcessId
GlobalAddAtomA
SetEvent
lstrlenA
SetLastError
CompareStringA
InterlockedExchange
GlobalLock
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
lstrcmpA
GetCurrentThread
GetCurrentThreadId
GetLocaleInfoA
GetModuleHandleA
ConvertDefaultLocale
EnumResourceLanguagesA
GetTickCount
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
GetFileSize
FileTimeToSystemTime
WriteFile
SetFileTime
GetFileAttributesA
LocalFileTimeToFileTime
GetCurrentDirectoryA
SystemTimeToFileTime
ReadFile
CloseHandle
CreateFileA
SetFilePointer
LoadResource
LockResource
SizeofResource
FindResourceA
GetEnvironmentVariableA
FindNextFileA
CreateEventA
GetLastError
LoadLibraryA
GetProcAddress
CopyFileA
GetModuleFileNameA
Sleep
WideCharToMultiByte
lstrlenW
CreateDirectoryA
FindFirstFileA
OpenEventA

user32

TranslateAcceleratorA
DestroyIcon
UnpackDDElParam
GetClipboardFormatNameA
SetRectEmpty
ReleaseCapture
DestroyMenu
LoadAcceleratorsA
LoadMenuA
ModifyMenuA
InsertMenuItemA
GetMenuItemInfoA
EnableMenuItem
CheckMenuItem
CreatePopupMenu
GrayStringA
DrawTextExA
DrawTextA
DrawIcon
FillRect
GetSysColorBrush
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
SendDlgItemMessageA
GetSysColor
SetFocus
AdjustWindowRectEx
EqualRect
DeferWindowPos
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
WinHelpA
TrackPopupMenu
GetWindowTextA
GetDlgCtrlID
GetClassLongA
GetClassNameA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
SetMenu
ReuseDDElParam
GetMessageTime
GetMessagePos
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
IsMenu
GetMenuItemCount
GetSubMenu
GetMenuState
AppendMenuA
GetMenuItemID
SetWindowPos
LoadIconA
LoadCursorA
PostThreadMessageA
SetWindowContextHelpId
GetForegroundWindow
SetForegroundWindow
IsChild
GetWindow
GetTopWindow
GetNextDlgTabItem
GetNextDlgGroupItem
SetCapture
GetCapture
GetSystemMetrics
wsprintfA
GetDesktopWindow
PostQuitMessage
MapDialogRect
ShowOwnedPopups
IsWindowVisible
InvalidateRgn
InvalidateRect
UpdateWindow
ReleaseDC
GetWindowDC
GetDC
EndPaint
BeginPaint
ScreenToClient
CharNextA
CopyAcceleratorTableA
MessageBeep
UnregisterClassA
IsRectEmpty
GetMenu
IsWindow
SendMessageA
InflateRect
SetRect
PtInRect
PostMessageA
TabbedTextOutA
GetFocus
SetMenuItemBitmaps
LoadBitmapA
GetMenuCheckMarkDimensions
DispatchMessageA
TranslateMessage
GetMessageA
ValidateRect
SetWindowsHookExA
GetCursorPos
PeekMessageA
CallNextHookEx
GetKeyState
SetCursor
GetWindowThreadProcessId
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetParent
GetWindowLongA
MessageBoxA
GetDlgItem
DestroyWindow
CreateDialogIndirectParamA
SetActiveWindow
GetActiveWindow
EndDialog
RegisterClipboardFormatA
GetSystemMenu
IsIconic
BringWindowToTop
GetWindowRect
GetClientRect
MapWindowPoints
ClientToScreen
CharUpperA

gdi32

GetBkColor
GetTextColor
GetMapMode
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
BitBlt
GetPixel
TextOutA
GetTextExtentPoint32A
Escape
DeleteDC
SaveDC
RestoreDC
SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteObject
ExtSelectClipRgn
SelectObject
CreateCompatibleDC
GetRgnBox
CreateRectRgnIndirect
CreateCompatibleBitmap
CreateFontIndirectA
CreatePatternBrush
CreateSolidBrush
GetObjectType
GetStockObject
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
CreateBitmap
ExtTextOutA

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

SetThreadToken
OpenThreadToken
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegSetValueA
RegDeleteKeyA
RegOpenKeyA
RegEnumKeyA
RegQueryValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RevertToSelf

shell32

ExtractIconA
DragFinish
DragQueryFileA

shlwapi

PathFindFileNameA
PathIsUNCA
PathFindExtensionA
PathStripToRootA

oledlg

ord8

ole32

CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
OleFlushClipboard
OleIsCurrentClipboard
CoGetClassObject
CoRegisterMessageFilter
StringFromGUID2
CoDisconnectObject
CoTaskMemAlloc
CLSIDFromString
CLSIDFromProgID
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
StringFromCLSID
CoTaskMemFree
CoRevokeClassObject
CoRegisterClassObject

oleaut32

SystemTimeToVariantTime
SysFreeString
SysStringByteLen
SysStringLen
SysAllocStringLen
SysAllocStringByteLen
VariantChangeType
VariantInit
VariantCopy
SysAllocString
LoadTypeLi
OleCreateFontIndirect
SafeArrayDestroy
VariantTimeToSystemTime
VariantClear

Sections

.text
Size: 647KB - Virtual size: 647KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 195KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d8198181272108e3fcb7fb9bfa473360

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 647KB - Virtual size: 647KB

.rdata Size: 143KB - Virtual size: 143KB

.data Size: 12KB - Virtual size: 28KB

.rsrc Size: 195KB - Virtual size: 196KB

.text
Size: 647KB - Virtual size: 647KB

.rdata
Size: 143KB - Virtual size: 143KB

.data
Size: 12KB - Virtual size: 28KB

.rsrc
Size: 195KB - Virtual size: 196KB