aYQ8OgoIi[.]dat[.]zip

Resubmissions

25-05-2023 08:50

230525-krw6gsha76 10

24-05-2023 17:20

230524-vwjfaseb2y 3

Sharing

Copy URL

Twitter E-mail

General

Target

aYQ8OgoIi.dat.zip
Size

194KB
MD5

f32309d5a646ad12e77ce165f161b7e5
SHA1

521dd88983fb7f3704f533c567a43ff0a5c56f34
SHA256

c8355038990c5baba14316cf093d2cc196903ac4def0abac332989ef8353bd9b
SHA512

860a1eb56f076b7a1ac75e73b202813b76072743588ead320020ce615d88797ed667e8a44126b39f4340553299c2083b03c582a826b0b1d6bb397a122a582e40
SSDEEP

6144:/V8GnY3p5N3b7AbdDpaiUReEeLL5cGz/edY:/V853preNdEda

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/aYQ8OgoIi.dat

Files

aYQ8OgoIi.dat.zip
.zip

Password: infected
aYQ8OgoIi.dat
.dll windows x86

f2e9757e5dc55604f9953968faf6ed8a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
WaitForMultipleObjects
GetCurrentProcessId
DeleteCriticalSection
GetSystemInfo
GetTickCount
GetModuleHandleA
GetProcAddress
CreateFileA
GetVersionExA
CreateFileW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
CancelIo
GetOverlappedResult
DeviceIoControl
SetLastError
GetLastError
CloseHandle
WriteFile
ReadFile
QueryDosDeviceW
GetLogicalDriveStringsW
OpenProcess
GetDriveTypeW
DecodePointer
SetFilePointerEx
GetConsoleMode
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RaiseException
RtlUnwind
InterlockedFlushSList
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
LCMapStringW
GetACP
GetStdHandle
GetFileType
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStringTypeW
SetStdHandle
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
WriteConsoleW

Exports

Exports

af_addBindingRule
af_addFlowCtl
af_addRule
af_addRuleEx
af_adjustProcessPriviledges
af_completeTCPConnectRequest
af_completeUDPConnectRequest
af_deleteBindingRules
af_deleteFlowCtl
af_deleteRules
af_free
af_getConnCount
af_getDriverType
af_getFlowCtlStat
af_getProcessNameA
af_getProcessNameFromKernel
af_getProcessNameW
af_getTCPConnInfo
af_getTCPStat
af_getUDPConnInfo
af_getUDPStat
af_init
af_ipPostReceive
af_ipPostSend
af_modifyFlowCtl
af_registerDriver
af_registerDriverEx
af_setIPEventHandler
af_setOptions
af_setRules
af_setRulesEx
af_setTCPFlowCtl
af_setTCPTimeout
af_setUDPFlowCtl
af_tcpClose
af_tcpDisableFiltering
af_tcpIsProxy
af_tcpPostReceive
af_tcpPostSend
af_tcpSetConnectionState
af_tcpSetSockOpt
af_udpDisableFiltering
af_udpPostReceive
af_udpPostSend
af_udpSetConnectionState
bind

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

f2e9757e5dc55604f9953968faf6ed8a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 107KB

.rdata Size: 32KB - Virtual size: 32KB

.data Size: 2KB - Virtual size: 5KB

.rsrc Size: 112KB - Virtual size: 110KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 108KB - Virtual size: 107KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 2KB - Virtual size: 5KB

.rsrc
Size: 112KB - Virtual size: 110KB

.reloc
Size: 7KB - Virtual size: 6KB