kutaki | a1809e923de6cae635be84aa94afa7b7[.]bin

General

Target

a1809e923de6cae635be84aa94afa7b7.bin
Size

2.1MB
MD5

55a30bb63467702eb7a148adf37d2847
SHA1

88bbd1a61851c5cfb9fd77a15c0e051a8e948205
SHA256

464f804c740b25c3bcff17535139009cd178237e638f278beb8489cad222835b
SHA512

564bb30aa9f6550a0691dd37b520c42743536c15597a2767fbd2a09f5e055a69f59cd7060d378f2ea0bbeac30d02e652eb7132e11c3c355ef7be6eca468ba36f
SSDEEP

49152:p7PsrFyKHvZHiC2bWRVx8jFrGyjrV6wCxaYZ+oikQEi0yyp4gLASsqH6Bt:p7PEyKPZHgM7W7TCxBlQD7gUSsZBt

Score

10^/10

kutaki

Family

kutaki

C2

http://treysbeatend.com/laptop/squared.php

http://terebinnahicc.club/sec/kool.txt

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack003/INF_NEFT_Debit.bat

a1809e923de6cae635be84aa94afa7b7.bin
.zip

Password: infected
fffabbf5eb28e080d666156800c4d0a7ca5c986559fc5c3cc632155d12801fb4.zip
.zip

Password: infected
INF_NEFT_Debit.zip
.zip

Password: infected
INF_NEFT_Debit.bat
.exe windows:4 windows x86

Password: infected

561c18361eb724808a2d9ecd5f5cc217

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord690
ord696
ord698
MethCallEngine
ord516
ord518
ord626
ord519
ord667
ord591
ord593
ord594
ord595
ord596
ord598
ord520
ord631
ord632
ord525
ord526
EVENT_SINK_AddRef
ord527
ord528
ord529
DllFunctionCall
ord563
ord670
ord564
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord713
ord714
ord607
ord608
ord716
ord717
ProcCallEngine
ord644
ord537
ord645
ord648
ord570
ord573
ord681
ord576
ord685
ord100
ord689
ord616
ord617
ord618
ord619
ord581

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 264KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ