decrypted_vpn[.]txt

Sharing

Copy URL Twitter E-mail

General

Target

decrypted_vpn.txt
Size

2.3MB
MD5

d76740d765d75dd713f4202860e11c14
SHA1

d839c59b16326a088d65fc0798a7298ef4cd678b
SHA256

409dbf07dc6ac189f16758e3e09d1a26bc96616e7808b931b89afb602851fb9b
SHA512

bd4f0784fb64c2fbd3ccda26df7f6dedec4aff2c25df03a464dfe8b22cc613995da46f7088615adc311aaaee0b7989232cabea7810b594ec6ea8901c4ba3c80a
SSDEEP

49152:3kEfGw93Tr7/OQVQ8ITdeCkXNZ6B+XWBBD7zj7zUllvod8Cfm0kXe6q4r1w5pEbD:ZmmQRMLZu+XW/7XsvFCefXe81wl77C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
decrypted_vpn.txt

Files

decrypted_vpn.txt
.exe windows x86

d71c2b52a74b8c701e35f9ba04904482

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
GetModuleFileNameA
GetFileSize
ExpandEnvironmentStringsA
lstrcatA
lstrcpyA
CreateProcessA
GetTempPathA
GetTickCount
GlobalAlloc
GlobalLock
GlobalUnlock
VirtualProtect
HeapAlloc
GetProcessHeap
HeapFree
GetComputerNameA
lstrlenA
InterlockedDecrement
GetFileAttributesA
CreateMutexA
GetLastError
OutputDebugStringA
LocalSize
LocalFree
OpenProcess
TerminateProcess
GetLogicalDriveStringsA
lstrcmpiA
QueryDosDeviceA
LocalAlloc
CreateToolhelp32Snapshot
Process32First
LocalReAlloc
Process32Next
GetCurrentProcess
Thread32First
OpenThread
SuspendThread
ResumeThread
Thread32Next
GetCurrentProcessId
GetCurrentThreadId
CreateFileA
SetEnvironmentVariableA
CompareStringW
CreateFileW
SetEndOfFile
WriteConsoleW
GetStringTypeW
LCMapStringW
LoadLibraryW
FlushFileBuffers
SetStdHandle
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetTimeZoneInformation
GetModuleFileNameW
HeapCreate
ExitProcess
HeapSize
ReadFile
MultiByteToWideChar
GetStartupInfoW
GetFileType
GetStdHandle
SetHandleCount
SetFilePointer
RtlUnwind
FreeLibrary
GetProcAddress
LoadLibraryA
DeleteFileA
Sleep
LeaveCriticalSection
VirtualFree
EnterCriticalSection
SetEvent
InterlockedExchange
CancelIo
CreateThread
ResetEvent
DeleteCriticalSection
CloseHandle
WaitForSingleObject
CreateEventA
InitializeCriticalSection
VirtualAlloc
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
SetLastError
GetModuleHandleW
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
HeapSetInformation
GetCommandLineA
HeapReAlloc
DecodePointer
EncodePointer
GetSystemTimeAsFileTime

user32

CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ExitWindowsEx
wsprintfA
GetClipboardData
CloseDesktop
SetThreadDesktop
OpenInputDesktop
GetUserObjectInformationA
GetThreadDesktop
InternalGetWindowText
GetWindowTextA
IsWindow
ShowWindow
PostMessageA
EnumWindows
GetWindowThreadProcessId
GetClassNameA
IsWindowVisible
GetLastInputInfo

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
LookupAccountSidA
GetTokenInformation
OpenProcessToken
CloseEventLog
ClearEventLogA
OpenEventLogA

shell32

SHGetSpecialFolderPathA
ShellExecuteA

ole32

CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoSetProxyBlanket
CoCreateInstance

oleaut32

VariantClear
SysFreeString
SysAllocString

ws2_32

inet_ntoa
setsockopt
WSAIoctl
select
recv
closesocket
WSAStartup
WSACleanup
socket
gethostbyname
htons
getsockname
connect
inet_addr
gethostname
send

psapi

GetProcessImageFileNameA
GetProcessMemoryInfo
EnumProcessModules
GetModuleFileNameExA

shlwapi

PathFindFileNameA

Sections

.text
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d71c2b52a74b8c701e35f9ba04904482

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

ws2_32

psapi

shlwapi

Sections

.text Size: 112KB - Virtual size: 112KB

.rdata Size: 32KB - Virtual size: 32KB

.data Size: 16KB - Virtual size: 16KB

.vmp0 Size: 2.2MB - Virtual size: 2.2MB

.reloc Size: 8KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 112KB - Virtual size: 112KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 16KB - Virtual size: 16KB

.vmp0
Size: 2.2MB - Virtual size: 2.2MB

.reloc
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 4KB