General

  • Target

    1.rar

  • Size

    9.0MB

  • MD5

    4bd0e33bb298e39a8941efa39da113ee

  • SHA1

    ebdc1e0deaa52d1f32b49258b7718e0f54d5766d

  • SHA256

    44069d1e021c399f72a2ad83ddb13641bd4ef8a07eb52e81d06b2ceca16e2cb4

  • SHA512

    1e7d53ff11f2ddafb94098b71b5c93c86b5a2f743cf7f7901b5e7d617cfd8cc371b24c4ba83e79fd240d51fa0fe4b6053aa64a33098ac49d69ecff1c45799b00

  • SSDEEP

    196608:A6QResplB+dQH+kpC8eMpApf9aBHjHEhp5vKtMtSuJ141F:A6RglByWp2fglr2DVG

Score
3/10

Malware Config

Signatures

  • Unsigned PE 5 IoCs

    Checks for missing Authenticode signature.

Files

  • 1.rar
    .rar

    Password: infectedprotenmais

  • Fluxus.zip
    .zip

    Password: infectedprotenmais

  • Fluxus/Fluxus V7.exe
    .exe windows:4 windows x86 arch:x86

    Password: infectedprotenmais

    f34d5f2d4577ed6d9ceec516c1f5a744


  • KRNLWRD.rar
    .rar

    Password: infectedprotenmais

  • KRNLWRD/Bunifu_UI_v1.5.3.dll
    .dll windows:4 windows x86 arch:x86

    Password: infectedprotenmais

    dae02f32a21e03ce65412f6e56942daa


  • KRNLWRD/ScintillaNET.dll
    .dll windows:4 windows x86 arch:x86

    Password: infectedprotenmais

    dae02f32a21e03ce65412f6e56942daa


  • KRNLWRD/autoexec.lnk
    .lnk
  • KRNLWRD/injector.dll
    .dll windows:6 windows x86 arch:x86

    Password: infectedprotenmais

    d588e0751eeca8d75865b11d7d0b6027


  • KRNLWRD/krnl.dll
    .dll windows:6 windows x86 arch:x86

    Password: infectedprotenmais

    615138fe2fa1806ffa5686c81568e1f8


  • KRNLWRD/krnl.exe
    .exe windows:4 windows x86 arch:x86

    Password: infectedprotenmais

    f34d5f2d4577ed6d9ceec516c1f5a744


  • KRNLWRD/krnlss.exe.config
    .xml
  • KRNLWRD/workspace.lnk.lnk
    .lnk