invoice[.]vhd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

invoice.vhd
Size

18.0MB
MD5

8aa7859f1d6f56bb1d077b28134f5e06
SHA1

5db3b86166730fa4f0eaa619c1c533710bc2256a
SHA256

72ba4bd27c5d95912ac5e572849f0aaf56c5873e03f5596cb82e56ac879e3614
SHA512

19d734729910e94805389b9392086f03be1bf56e542961c73dce1ff1e1b2a005cc655813073e41946a9ec8a1e5621031ae73b5cd884f5d3b77b52cc57797fa3f
SSDEEP

24576:wS5Sjh/M4YK6dJ5oA8F2nFnHb6T8Ujl6vO01C1GCTsYoQZtlsZdc40QDrUYuGG1p:B0jVBkBHdTUwTGTTOWjBiO8pG+C3

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack002/$RECYCLE.BIN/$R7M8AKV.scr
unpack002/$RECYCLE.BIN/$RC3SQXJ.exe
unpack002/$RECYCLE.BIN/$RHL25IB.exe
unpack002/$RECYCLE.BIN/$RPFEKS8.scr
unpack002/$RECYCLE.BIN/$RS57ED9.pif
unpack002/$RECYCLE.BIN/$RUX08ML.pif

Files

invoice.vhd
.vhd
out.vhd
.vhd
$RECYCLE.BIN/$I2WRCTB.lnk
$RECYCLE.BIN/$I3CEIPM.js
$RECYCLE.BIN/$I3CF2C6.js
$RECYCLE.BIN/$I44YHS9.js
$RECYCLE.BIN/$I4E3GQV.js
$RECYCLE.BIN/$I5K4GOK.js
$RECYCLE.BIN/$I7M8AKV.scr
$RECYCLE.BIN/$IA2LBYN.js
$RECYCLE.BIN/$IC3SQXJ.exe
$RECYCLE.BIN/$ICMX6RL.js
$RECYCLE.BIN/$IHL25IB.exe
$RECYCLE.BIN/$IIN4D18.js
$RECYCLE.BIN/$IJXIQS1.bat
$RECYCLE.BIN/$IKNZUIN.js
$RECYCLE.BIN/$ILCPGGH.vbs
$RECYCLE.BIN/$IOHUJ2V.js
$RECYCLE.BIN/$IPFEKS8.scr
$RECYCLE.BIN/$IQBT6RP.vbs
$RECYCLE.BIN/$IQCRS6H.js
$RECYCLE.BIN/$IR4KUZJ.js
$RECYCLE.BIN/$IS57ED9.pif
$RECYCLE.BIN/$IU3LK4L.vbs
$RECYCLE.BIN/$IUONKGR.vbs
$RECYCLE.BIN/$IUX08ML.pif
$RECYCLE.BIN/$IWZ85M3.js
$RECYCLE.BIN/$IXOGX0J.js
$RECYCLE.BIN/$IXOYXGM.js
$RECYCLE.BIN/$R2WRCTB.lnk
.lnk
$RECYCLE.BIN/$R3CEIPM.js
.js
$RECYCLE.BIN/$R3CF2C6.js
.js
$RECYCLE.BIN/$R44YHS9.js
.js
$RECYCLE.BIN/$R4E3GQV.js
.js
$RECYCLE.BIN/$R5K4GOK.js
.js
$RECYCLE.BIN/$R7M8AKV.scr
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 175KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$RECYCLE.BIN/$RA2LBYN.js
.js
$RECYCLE.BIN/$RC3SQXJ.exe
.exe windows x86

ad9d11227a86b863e31ddf6019cc7ab5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
system
memcpy
_wfopen
fseek
fclose
wcsncpy
wcslen
wcscpy
wcscat
wcscmp
memmove
memcmp
_stricmp
sscanf
atoi
strlen
strcpy
strcat
sprintf
malloc
free
_wstat
_wcsdup
strcmp
floor
ceil
_CIpow
_isnan
_finite
fread
longjmp
_setjmp3
ftell
wcsncmp
_snwprintf
_wcsicmp
tolower
localtime
mktime
_wcsnicmp
_itow
gmtime
fabs
pow
??3@YAXPAX@Z
wcsstr
calloc
_errno
strrchr
strchr
strncpy
memchr
_lseeki64
realloc
abort
_close
_wopen
_setmode
exit
_open_osfhandle
_strdup
_snprintf
setlocale
strncmp
wctomb
_get_osfhandle
_open
toupper
wcschr
mbstowcs
frexp
modf
fopen
strerror
atof
abs
fflush
fwrite
__p__iob
fprintf
getenv
_stati64
time
_ftime
_vsnwprintf
cos
fmod
sin

kernel32

GetModuleHandleW
HeapCreate
HeapDestroy
ExitProcess
GetDiskFreeSpaceExW
GetCurrentProcess
GetLastError
GetUserDefaultLangID
GetSystemInfo
ExpandEnvironmentStringsW
FormatMessageW
LocalFree
OutputDebugStringW
LoadLibraryW
FindResourceW
FreeLibrary
LoadResource
SizeofResource
LockResource
CreateMutexW
CloseHandle
BeginUpdateResourceW
EndUpdateResourceW
GetBinaryTypeW
UpdateResourceW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
CreateThread
HeapAlloc
HeapFree
Sleep
CreateFileW
GetFileSize
ReadFile
GetProcAddress
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableW
SetEnvironmentVariableW
DuplicateHandle
CreatePipe
GetStdHandle
CreateProcessW
GetModuleFileNameW
GetProfileStringW
SetFilePointer
WideCharToMultiByte
MultiByteToWideChar
SetEndOfFile
WriteFile
DeleteFileW
HeapReAlloc
GetVersionExW
SetLastError
CopyFileW
FindFirstFileW
FindNextFileW
FindClose
SetFileAttributesW
RemoveDirectoryW
GetDriveTypeW
GetFileAttributesW
GetTempPathW
MulDiv
GetLocalTime
TlsAlloc
TlsSetValue
TlsGetValue
GlobalFree
GlobalAlloc
HeapSize
TlsFree
DeleteCriticalSection
InterlockedCompareExchange
InterlockedExchange
VirtualAlloc
VirtualFree
IsValidCodePage
GetACP
GetOEMCP
GetFileType
PeekNamedPipe
GetFileInformationByHandle
GetFileAttributesA
CreateFileA
GetExitCodeProcess
GetFullPathNameW
UnregisterWait
GetCurrentThread
RegisterWaitForSingleObject

gdiplus

GdipDeleteFont
GdipDeleteGraphics
GdipDeletePath
GdipDeleteMatrix
GdipDeletePen
GdipDeleteStringFormat
GdipFree
GdipGetDpiX
GdipGetDpiY

user32

IsWindowEnabled
IsWindowVisible
ExitWindowsEx
GetActiveWindow
SendMessageW
GetWindowTextLengthW
GetSysColor
SetRect
GetWindowLongW
RedrawWindow
GetDlgCtrlID
GetWindowTextW
ShowWindow
SetForegroundWindow
SetWindowLongW
UpdateLayeredWindow
DestroyIcon
EnumWindows
MessageBoxW
PostMessageW
GetForegroundWindow
GetWindowThreadProcessId
EnableWindow
SetWindowPos
DestroyWindow
SystemParametersInfoW
SetFocus
GetFocus
GetParent
GetClassNameW
SetWindowTextW
CallWindowProcW
RemovePropW
GetWindowRect
GetPropW
CreateWindowExW
SetPropW
SetScrollPos
GetDC
InflateRect
ReleaseDC
GetWindowDC
MapWindowPoints
MoveWindow
InvalidateRect
GetIconInfo
UpdateWindow
ReleaseCapture
BeginPaint
DrawStateW
EndPaint
SetCapture
ScreenToClient
GetSystemMetrics
GetSysColorBrush
DrawTextW
GetWindow
ValidateRect
ClientToScreen
GetClientRect
FillRect
DefWindowProcW
LoadCursorW
RegisterClassExW
SetClassLongW
EnumPropsExW
SetActiveWindow
LoadIconW
IsZoomed
IsIconic
PeekMessageW
MsgWaitForMultipleObjects
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
RegisterClassW
AdjustWindowRectEx
CreateAcceleratorTableW
UnregisterClassW
DestroyAcceleratorTable
GetMenu
SetTimer
KillTimer
DefFrameProcW
EnumChildWindows
GetKeyState
IsChild
RegisterWindowMessageW
CreateIconFromResourceEx
CreateIconFromResource
CharLowerW
DrawIconEx

gdi32

StartDocW
GetMapMode
SetMapMode
GetDeviceCaps
DPtoLP
StartPage
EndPage
EndDoc
SetBkColor
CreateDCW
DeleteObject
GetStockObject
CreateFontIndirectW
ExcludeClipRect
GetObjectType
GetObjectW
SetTextColor
SelectObject
GetTextExtentPoint32W
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
SetStretchBltMode
StretchBlt
CreateSolidBrush
GdiGetBatchLimit
GdiSetBatchLimit
BitBlt
CreateDIBSection
SetBrushOrgEx
CreateBitmap
SetPixel
GetDIBits
CreateFontW
SetBkMode
SetTextAlign
TextOutW
GetTextMetricsW
GetPixel

comdlg32

PrintDlgW

advapi32

OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegDeleteKeyW
RegQueryValueExW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
GetUserNameW
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext

comctl32

InitCommonControlsEx
ImageList_Replace
ImageList_Add
ImageList_ReplaceIcon
ImageList_Remove
ImageList_AddMasked
ImageList_Destroy
ImageList_Create

ole32

CoTaskMemFree
CoInitialize
CoCreateInstance
CoUninitialize
CoCreateGuid
StringFromGUID2
RevokeDragDrop

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHCreateDirectory
SHBrowseForFolderW
ExtractIconW
SHGetFileInfoW
ShellExecuteExW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.code
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 576KB - Virtual size: 576KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$RECYCLE.BIN/$RCMX6RL.js
.js
$RECYCLE.BIN/$RHL25IB.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$RECYCLE.BIN/$RIN4D18.js
.js
$RECYCLE.BIN/$RJXIQS1.bat
.bat .vbs
$RECYCLE.BIN/$RKNZUIN.js
.js
$RECYCLE.BIN/$RLCPGGH.vbs
.vbs
$RECYCLE.BIN/$ROHUJ2V.js
.js
$RECYCLE.BIN/$RPFEKS8.scr
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 175KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$RECYCLE.BIN/$RQBT6RP.vbs
.vbs
$RECYCLE.BIN/$RQCRS6H.js
.js
$RECYCLE.BIN/$RS57ED9.pif
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 581KB - Virtual size: 581KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$RECYCLE.BIN/$RU3LK4L.vbs
.vbs
$RECYCLE.BIN/$RUONKGR.vbs
.vbs
$RECYCLE.BIN/$RUX08ML.pif
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 309KB - Virtual size: 308KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$RECYCLE.BIN/$RWZ85M3.js
.js
$RECYCLE.BIN/$RXOGX0J.js
.js
$RECYCLE.BIN/$RXOYXGM.js
.js
$RECYCLE.BIN/desktop.ini
System Volume Information/IndexerVolumeGuid
System Volume Information/WPSettings.dat
invoice.pdf.lnk
.lnk

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 4KB - Virtual size: 4KB

.rsrc Size: 175KB - Virtual size: 174KB

.reloc Size: 512B - Virtual size: 12B

ad9d11227a86b863e31ddf6019cc7ab5

Headers

File Characteristics

Imports

msvcrt

kernel32

gdiplus

user32

gdi32

comdlg32

advapi32

comctl32

ole32

shell32

version

Sections

.code Size: 66KB - Virtual size: 66KB

.text Size: 576KB - Virtual size: 576KB

.rdata Size: 77KB - Virtual size: 77KB

.data Size: 56KB - Virtual size: 63KB

.rsrc Size: 9KB - Virtual size: 8KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 4KB - Virtual size: 4KB

.rsrc Size: 175KB - Virtual size: 175KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 3KB - Virtual size: 3KB

.rsrc Size: 175KB - Virtual size: 174KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 581KB - Virtual size: 581KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 309KB - Virtual size: 308KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 175KB - Virtual size: 174KB

.reloc
Size: 512B - Virtual size: 12B

.code
Size: 66KB - Virtual size: 66KB

.text
Size: 576KB - Virtual size: 576KB

.rdata
Size: 77KB - Virtual size: 77KB

.data
Size: 56KB - Virtual size: 63KB

.rsrc
Size: 9KB - Virtual size: 8KB

.text
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 175KB - Virtual size: 175KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 175KB - Virtual size: 174KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 581KB - Virtual size: 581KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 309KB - Virtual size: 308KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B