vaultFile16317623560930982450[.]vol

Sharing

Copy URL

Twitter E-mail

General

Target

vaultFile16317623560930982450.vol
Size

849KB
MD5

71d4a479721977c0e07d93c178706e70
SHA1

51958377a93a8c2b6460f6b3f6373a139effb423
SHA256

a2c34a9d89a15d8225a29cc8f6099042942961c04f1072aa035d8df1ec9ae72b
SHA512

e96041e1b24c46a8be2504dc4420422646b8cb14bc13668192099bfc4ef69b9e501b9f1311960d0bd0e2d9c5f3957b2307df74405d1858724057e4d107b985f4
SSDEEP

24576:3KiTTifPnYOOrG/2c36Lezq4Anu7GMJ2/RC+f1wocCNch3g:P+f/2E3qNngGMiRC+f1wBCNch3g

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/main-slgs.cpl

Files

vaultFile16317623560930982450.vol
.zip
download-11-main/Setup.zip
.zip
main-slgs.cpl
.dll windows x86

493be340b4a1a6649dce3eb315e09525

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetTextColor
DeleteDC
ExtTextOutA
GetMetaFileBitsEx
GetCharWidthW
GetRgnBox
GetCharWidth32W
GetCharacterPlacementA
DescribePixelFormat
GetObjectType
GetBkMode
Escape
ExtTextOutW

comdlg32

FindTextW

clusapi

GetClusterFromResource

kernel32

GetModuleHandleA
GetBinaryTypeA
GetModuleFileNameA
GetStartupInfoA
DefineDosDeviceW
GetFileAttributesExW
lstrcatW
ExitThread
GetConsoleOutputCP
GetCommState
GetDiskFreeSpaceExW
LoadResource
EnumSystemLocalesA
VirtualQueryEx
GetCommandLineW
GetFileInformationByHandle
FindAtomW
GetProfileSectionA
VirtualUnlock
GetAtomNameW
lstrcpyA
GetProfileSectionW
lstrcmpiW
lstrcmpiA
GetFileSizeEx
GetUserDefaultLangID
LockFileEx
GlobalMemoryStatus
GetProcessId
GetComputerNameW
GetStringTypeExA
DeleteTimerQueueTimer
GetThreadSelectorEntry
GetCommMask
GetDefaultCommConfigA
GlobalFlags
GlobalDeleteAtom
lstrcatA
GlobalFree
GetVolumeInformationW
FindResourceExA
FindNextFileA

oleaut32

LoadTypeLibEx

advapi32

RegConnectRegistryW
InitiateSystemShutdownA
LogonUserExW
GetEventLogInformation
GetSidIdentifierAuthority
FreeEncryptionCertificateHashList
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitiateSystemShutdownExW
GetServiceKeyNameW
GetServiceDisplayNameA

winspool.drv

GetPrinterDriverW

user32

ExcludeUpdateRgn
LoadStringA
DrawTextA
DefDlgProcA
LoadCursorA
GetScrollInfo
GetPriorityClipboardFormat
GetClipboardFormatNameA
GetSystemMenu
DeleteMenu
LoadCursorW
DrawStateA
GetMenuItemID
GetParent

wininet

FindFirstUrlCacheEntryW

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 712KB - Virtual size: 710KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt1
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.dheg
Size: 680.7MB - Virtual size: 680.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

493be340b4a1a6649dce3eb315e09525

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

comdlg32

clusapi

kernel32

oleaut32

advapi32

winspool.drv

user32

wininet

Sections

.text Size: 8KB - Virtual size: 4KB

.rdata Size: 712KB - Virtual size: 710KB

.data Size: 128KB - Virtual size: 131KB

.crt1 Size: 84KB - Virtual size: 80KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 20KB - Virtual size: 18KB

.dheg Size: 680.7MB - Virtual size: 680.7MB

.text
Size: 8KB - Virtual size: 4KB

.rdata
Size: 712KB - Virtual size: 710KB

.data
Size: 128KB - Virtual size: 131KB

.crt1
Size: 84KB - Virtual size: 80KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 20KB - Virtual size: 18KB

.dheg
Size: 680.7MB - Virtual size: 680.7MB