egregor | Python[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Python.zip
Size

123.7MB
MD5

ed7281dedb0c39fa7f4d73b43883929d
SHA1

8ce22c6615a12719ca537e842eb54466690e3f52
SHA256

2a62a5b625dd018a2c2c656849626f54351182a0dbe68059c1df704b0823d1b1
SHA512

ae925fdb21ba1f4abc4fa21c2e98ee51642e5cee527839774a0414421fb10bf762c219b40c3defe3a7fcec66d29022a3900e63c187615ee30ef846f0c2d30036
SSDEEP

3145728:ijqX6JUhmvs+hVgUDXgPx3w7OMOQ7cRC6NP5beB16:mqq+wU+h3DmwazQSCqcP6

Score

10^/10

egregor

Malware Config

Signatures

Detected Egregor ransomware 1 IoCs

resource	yara_rule
static1/unpack006/3b13b6f1d7cd14dc4a097a12e2e505c0a4cff495262261e2bfc991df238b9b04.dll	family_egregor

Egregor family
egregor

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack002/07a73fb70fa63ff53d091c68cb1e5728314ff7b479ca695050173faf3f8f5ea2.exe
unpack004/1a4f63c7c5b4e3e26cce157c4e0d6ed8c1fef956c4033b96df9159d27169445d.dll
unpack006/3b13b6f1d7cd14dc4a097a12e2e505c0a4cff495262261e2bfc991df238b9b04.dll

Files

Python.zip
.zip

Password: infected
.dll/07a73fb70fa63ff53d091c68cb1e5728314ff7b479ca695050173faf3f8f5ea2.zip
.zip

Password: infected
07a73fb70fa63ff53d091c68cb1e5728314ff7b479ca695050173faf3f8f5ea2.exe
.dll regsvr32 windows:4 windows x86 arch:x86

Password: infected

37a5eed1a16598aca7a2b35d466fc075

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegCreateKeyExA
RegDeleteKeyW
SetEntriesInAclW
GetLengthSid
RegisterEventSourceW
RegOpenKeyW
StartServiceW
CopySid
QueryServiceStatus
IsValidSid
RegSetValueExW
RegCloseKey
InitializeSecurityDescriptor
RegEnumKeyExW
OpenProcessToken
OpenSCManagerW
RegQueryInfoKeyW
RegOpenKeyExA
RegCreateKeyExW
AllocateAndInitializeSid
RegDeleteValueW
RegDeleteKeyA
RegOpenKeyExW
RegEnumValueA
RegQueryValueExW
GetTokenInformation
DeregisterEventSource
OpenServiceW
SetSecurityDescriptorDacl
ReportEventW
CloseServiceHandle
RegQueryInfoKeyA
RegSetValueExA
RegEnumValueW
FreeSid

kernel32

VirtualProtect
FlushViewOfFile
GetSystemDefaultLCID
SwitchToThread
CreateDirectoryW
SetUnhandledExceptionFilter
TerminateProcess
WideCharToMultiByte
GetCurrentProcess
SetLastError
TryEnterCriticalSection
LocalFree
SetFilePointer
InterlockedDecrement
lstrcmpW
LoadLibraryW
GetProcAddress
CreateMutexW
FormatMessageW
ReleaseMutex
lstrcmpiW
DeleteFileW
FreeLibrary
CreateSemaphoreW
InterlockedIncrement
MoveFileExW
GetLastError
UnhandledExceptionFilter
WaitForSingleObject
CreateFileMappingW
lstrcpyW
DeleteCriticalSection
SetEvent
GetVersionExW
MapViewOfFile
OpenEventW
InterlockedCompareExchange
GetSystemTime
lstrcatW
UnmapViewOfFile
QueryPerformanceCounter
InitializeCriticalSection
GetCurrentThreadId
GetLocaleInfoW
GetCurrentProcessId
GetTickCount
EnterCriticalSection
ExpandEnvironmentStringsW
LeaveCriticalSection
GetVersionExA
CreateFileW
ResetEvent
lstrlenW
WriteFile
CloseHandle
CreateFileA
ReleaseSemaphore
lstrlenA
WaitForMultipleObjects
GetVersion
GetModuleFileNameW
CreateEventW

loadperf

LoadPerfCounterTextStringsW
UnloadPerfCounterTextStringsW

msvcrt

memcpy
wcschr
memset
?terminate@@YAXXZ
_CxxThrowException
wcsrchr
_onexit
_initterm
mbstowcs
__CxxFrameHandler
wcslen
_wtol
realloc
wcsstr
__dllonexit
free
malloc

ole32

CoSetProxyBlanket
CoUninitialize
CoCreateInstance
CoInitializeEx

user32

CharNextW
LoadStringW
wsprintfW

Exports

Exports

Unrenounced
DllRegisterServer
Remancipate
Identicalness
Forevalue
DllUnregisterServer
Chthonic
Thoughted
DllGetClassObject
Amoralize
Overmature
DllCanUnloadNow
Handcraft
Ophioglossales

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 89KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.dll/1a4f63c7c5b4e3e26cce157c4e0d6ed8c1fef956c4033b96df9159d27169445d.zip
.zip

Password: infected
1a4f63c7c5b4e3e26cce157c4e0d6ed8c1fef956c4033b96df9159d27169445d.dll
.dll regsvr32 windows:6 windows x86 arch:x86

Password: infected

1ae6ba40e9dbf13143cd3d538d88f08a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualProtect
RemoveDirectoryW
Sleep
TlsAlloc
CloseHandle
DecodePointer
WriteConsoleW
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
CompareStringW
LCMapStringW
GetTimeZoneInformation
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
GetStdHandle
GetFileType
RaiseException

user32

SetWinEventHook
UnhookWinEvent

ole32

CLSIDFromString
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CoInitialize

oleacc

AccessibleObjectFromEvent
GetOleaccVersionInfo
GetRoleTextW

oledlg

OleUIBusyW
OleUIEditLinksW
OleUIObjectPropertiesW

Exports

Exports

DllRegisterServer
Wentpoor

Sections

.text
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.dll/3b13b6f1d7cd14dc4a097a12e2e505c0a4cff495262261e2bfc991df238b9b04.zip
.zip

Password: infected
3b13b6f1d7cd14dc4a097a12e2e505c0a4cff495262261e2bfc991df238b9b04.dll
.dll regsvr32 windows:6 windows x86 arch:x86

Password: infected

0467f09a9ac3a8400cf260fd785be3fc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

MessageBoxA

kernel32

GetModuleFileNameW
EncodePointer
GetCommandLineW
LoadLibraryW
GetProcAddress
VirtualAlloc
Sleep
CreateFileW
ExitProcess
VirtualQuery
VirtualFree
GetCurrentProcess
FlushInstructionCache
VirtualProtect
IsBadReadPtr
LoadLibraryA
FreeLibrary
lstrcmpA
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
TerminateProcess
InterlockedPushEntrySList
InterlockedFlushSList
RaiseException
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameA
DecodePointer
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetFileType
GetCurrentThread
GetACP
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetProcessHeap
SetConsoleCtrlHandler
GetStringTypeW
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetStdHandle
HeapSize
HeapReAlloc
CloseHandle
SetFilePointerEx
WriteConsoleW
OutputDebugStringA
OutputDebugStringW
WaitForSingleObjectEx
CreateThread

Exports

Exports

DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 339KB - Virtual size: 339KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 380KB - Virtual size: 385KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.dll/53df5bb98b96c6a2be5ff6236ab930d8ae6e7ecff953adec7e93c3978c9a81d7.zip
.zip

Password: infected
53df5bb98b96c6a2be5ff6236ab930d8ae6e7ecff953adec7e93c3978c9a81d7.dll
.dll windows:4 windows x86 arch:x86

Password: infected

fcb7e66723aeaab780b1c2b44639282c

Code Sign

b8:b5:8b:6c:fe:39:5e:33:8f:34:76:d1:21:e7:81:39
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-11-2020 00:00

Not After

11-11-2021 23:59

Subject

CN=Školab s.r.o.,O=Školab s.r.o.,POSTALCODE=500 03,STREET=Víta Nejedlého 1161/1b,L=Hradec Králové,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-01-2004 00:00

Not After

31-12-2028 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:96:3d:d5:5d:d4:bb:0e:83:52:ca:00:7e:0a:c9:e5:5a:ae:6e:2b
Signer

Actual PE Digest

7b:96:3d:d5:5d:d4:bb:0e:83:52:ca:00:7e:0a:c9:e5:5a:ae:6e:2b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
LoadLibraryA
VirtualAlloc
VirtualProtect
GetProcAddress
GetCurrentThread
GetCurrentProcess

imagehlp

SymGetLinePrev

oleacc

ObjectFromLresult

version

VerQueryValueA

gdiplus

GdipGetTextContrast

Sections

.code
Size: 194KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.dll/57120da92792471020573332d1ff30fadf4496f77e2652229c6dca7fc8685ae3.zip
.zip
.dll/686e60d6079a08eaafcdca5ab248cbc18cae7c6871b989c3bcbcb9a02fd5fad9.zip
.zip
.dll/7ca44cc3821b27376d9a179cad523d5dc4479acc9bc2f3c37f85b384acdde3b4.zip
.zip
.dll/9f38af84820dc29e805029409bbb2a5765036775973e3898b6db1f66c1b47270.zip
.zip
.dll/9f6165d02388019c2daed164f8b370c4b5e05e578d8577000e92ea7fb8a2792c.zip
.zip .ps1 polyglot
.dll/b69f17a7126bf24174e8d6cd594c5ebb28485db8e3943b0cebc5bf1225d6c6ae.zip
.zip
.dll/ba25af3aa1f14cd574b5f8d43867a0be53d2df9f6fe37116da6dd05446296fb7.zip
.zip
.dll/d7fafabbb381c34185ad30f0d5337ec8072d0705e0e9fb1d91e7358ed934fff3.zip
.zip
.dll/e9d685a87e1e62f97d2fc61929348fa9db0fb5b89c82917630ca61d0e53f08be.zip
.zip
.scr/15a8b67526b6b563f7fd48850bc4d5fb10e504bb9b2b156c9ce1d82a8a7aaaa7.zip
.zip
.scr/1e6b0b8ccd020dbe46b92b0db77c1562820ea85e3a1cd7d43710ff88473f9346.zip
.zip
.scr/243915f58ee0b47ad8f4972192a2634781e7beb3cec92999f2d48fba3ee08b2b.zip
.zip
.scr/2a24e55affebdf336e67fe9ba8f667b095784a6bc6857ce8b89e7c48c8a8fd21.zip
.zip
.scr/2c6110a76dda8da49195052fa561ab8b8278c02df400124e46d26d2df228b70b.zip
.zip
.scr/381d4a53dc6d69491c703d2f35888b64a675c2b3de8f6572720828dd428a359b.zip
.zip
.scr/3ca289bac2df826b2d7c4faa05cd9f39a948fdf47872d56ddcfd1a45e60be963.zip
.zip
.scr/426277fd9dbf7e7af41038e0fe81c84e55f8abe27fb5d12190e73d542366d159.zip
.zip
.scr/53425ac47307e7d6e98deae06742bfebdade503bf6e48766a84ea52a3045f3a8.zip
.zip
.scr/6f45fa949213df83d9842127737f160dc01e00023f5638030546a47e7dc28110.zip
.zip
.scr/8c27edb9a77712a4e13e8133f233ba34d7182e7823d0408fd12da11c91f94178.zip
.zip
.scr/9b60c965a1425ff01954ce6a917cb4486d5af5cb36f538233139042ea324a64e.zip
.zip
.scr/b1b3a3b2ff01c33585d2fa3eadd78741af5b421e7463450e348401be175f0a31.zip
.zip
.scr/c86b7a87ec994002a7f8f759ce37633e2ebfce32c727abf26b1c8cd4b32f0c1a.zip
.zip
.scr/c8f09665c4c94041dd63191d0ea1b0f5092dc636eea7191242a7d7da9d7fa8b6.zip
.zip
.scr/cfbff78272aa6680ec533fc66b4d2f10145c0b9b9a45fcf6f41bf65f54d6191c.zip
.zip
.scr/e1425c206541c96966f3ae03789d6e6e39053d009d5030f9462fd3e2acccd8cc.zip
.zip
.scr/ed88adb1fab6005e7c44cb02346bd417aa47a32b0e14ec5c117156dadd37bc79.zip
.zip
.scr/f413624c125a8e6e6e8f4ece883a646fe784bc5a8f4f21185da1df43adc76da1.zip
.zip
.scr/f5a286e7a4f4fbdfa37f541dd0e7561038883a315139a4a7cf508f2490a81b76.zip
.zip
Java/229346faf2435484d1bd5a9a61d48e1d556d09f77df5d26295f07f42bdc61d33.zip
.zip
Java/59c45270d6700f712d625357442e40203dad60a01da25f3bb1d80f5de66963e5.zip
.zip
Java/757bdbdc08280edca50f48885e2d7c2d7e2dd576420a6aa34c61100d721d8499.zip
.zip
Java/a09be6234633ef869bf144b75ae973de8df67f7bba93d92be43ea7342039d83c.zip
.zip
Java/ccc9f5a8463054f7540bb2b7aff55ccf4523c2c50f31a61cfb5c6c703d162d20.zip
.zip
Python/04d136f4c2bac4196b1795bcd9e625029d686c696e7decabd17970da22a35caf.zip
.zip
Python/40ae709cb1d6335c3a41863d2dca21bfa7bd493ebb3d7ddd72da4e09b09b2988.zip
.zip
Python/4a70b909dbe668d0d2c5241dc582acb90c8820acb436a1ecbb620019e93fbda8.zip
.zip
Python/4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.zip
.zip
Python/6661b5d6c8692bd64d2922d7ce4641e5de86d70f5d8d10ab82e831a5d7005acb.zip
.zip
Python/6f22b803d64f96feb954539f6b9701202a6b780a1c5f3d04f3ee7be932cc6e8d.zip
.zip
Python/82333533f7f7cb4123bceee76358b36d4110e03c2219b80dced5a4d63424cc93.zip
.zip
Python/82c4e7b016ff5dbdc35992f34714073bd931245099c0dde9aa544cda47c117cf.zip
.zip
Python/9353cf6347377bf1194349bff4001485fac99a5cd3ee03781e81c157452dae68.zip
.zip
Python/95e35f1614df92a318a749a8f62a35b9c03f2f34f08ad5606b45c9d817ff1d93.zip
.zip
Python/9f9c7002f4ce0dec2f3c8d485d84c03b501b0ebda89a6f14f0727eeda3e0aac3.zip
.zip
Python/a8f6a74bd11b294d3b6805da9c4157f6c042acfbef4a63c54fd3b2ec7f557170.zip
.zip
Python/e45ffc61a85c2f5c0cbe9376ff215cad324bf14f925bf52ec0d2949f7d235a00.zip
.zip
Spy/FinSpy/1cf36a2d8a2206cb4758dcdbd0274f21e6f437079ea39772e821a32a76271d46.zip
.zip
Spy/FinSpy/651bc82076659431e06327aeb3aacef2c30bf3cfd43ae4f9bc6b4222f15bb673.zip
.zip
Spy/FinSpy/bb8c0e477512adab1db26eb77fe10dadbc5dcbf8e94569061c7199ca4626a420.zip
.zip
Spy/FinSpy/f5c245bd4d7eb95f9a2afde8960ef9c9640ad426a8e438b52caca1541b928954.zip
.zip
Spy/Kutaki/41c9d28653704e628d8dd20e5f65a298242072156a31bc5fe0e24a1f4c640af5.zip
.zip
Spy/Kutaki/736cb1644adf35fc139e7031d9bc5073816784d21b34de83260387f47f13ba43.zip
.zip
Spy/Mekotio/221209ea7151b399298c882daa26297c5b299f44369340d1050c82ff2b8865d8.zip
.zip
Spy/Mekotio/27b181f7f408f0f5f6f6d8f3d395fd499b47bce36044865d57fe10eaa2a440c2.zip
.zip
Spy/Mekotio/2832f74602487bf734cc7aac8c05345a7ed52d6659427eae017bab97ca638027.zip
.zip
Spy/Mekotio/2aaad8177d08507b09dc3d419b4d31f65db6fe6bc6314ffce650b9fc57f0817c.zip
.zip
Spy/Mekotio/628f191ae13445e2fb70b19ee162bbcbf406033db1b322b9e5841f5e5439d26b.zip
.zip
Spy/Mekotio/686e60d6079a08eaafcdca5ab248cbc18cae7c6871b989c3bcbcb9a02fd5fad9.zip
.zip
Spy/Mekotio/93488eab403fafb3d8e10d38c80f0af745e3fa4cf26228acff24d35a149f6269.zip
.zip
Spy/Mekotio/b2c0b8e5c095f109f7b030fbcbd5258e9e3d1cc6438d1a6562ce52827097bf11.zip
.zip
Spy/Mekotio/c3a382298e7b40c769094035a49abe71314c89509848cd9485467c2179193a0f.zip
.zip
Spy/Mekotio/e24021c34cf961f2a17e8f5813e5be1240981f2c5ce5cacac3994c5dfb8cf077.zip
.zip
Spy/Mekotio/fce228a0686897560aa491b1537b675ea64474c695e8b5a114d7dd1952a18434.zip
.zip
Spy/Spyware/031ed94b13f6292ca38061ac20d5c784c6470d3f52b207a959bedf0ed12c0665.zip
.zip
Spy/Spyware/5a0daa24b5748d81ba0bb78d7f2b50eb4c387ffe679c92c1462f7dec586adb1f.zip
.zip
Spy/Spyware/7373bf246de45665456d475877db908aaf24047832483f8beff43e684c317305.zip
.zip
Spy/Unknown/1c133b9bb476879df8145370ce1069ec92f28cade85a839e0159158a3e1b1afd.zip
.zip
Spy/Unknown/6b4dd13ea6241a6c8ad2c967d88f3336798dc1e30dd24cfa3377f9b363d70b2e.zip
.zip
Spy/Vadokrist/06ecd4b121e1f12e29aa491267becf904b68bd723d449cd5f1710115ab3458a5.zip
.zip
Spy/Vadokrist/183b4e8853977551d6bf68ce7d1ecb386af257e1b2d6f954505d10413f2fe39d.zip
.zip
Spy/Vadokrist/817c226e42f5c503325288fd8273bc03b326590f457e7a589eb34c2792d0a5db.zip
.zip
Spy/Vadokrist/f1b53f5353fa9ba6ddce5df301e28b5c68947f032463c220d163d03ab95832ef.zip
.zip
Spy/Vadokrist/f432b55c5ad9b8bce21dc05e1ea3374e4185794169b12bfbc0004a6f7498751f.zip
.zip
Spy/Vadokrist/fcfd08ece32e24fea0ff980a4cb63afb080b5b4d39875452b91e373458e000bb.zip
.zip

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Password: infected

37a5eed1a16598aca7a2b35d466fc075

Headers

File Characteristics

Imports

advapi32

kernel32

loadperf

msvcrt

ole32

user32

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 24KB

.data Size: 89KB - Virtual size: 108KB

.reloc Size: 1KB - Virtual size: 1KB

Password: infected

Password: infected

1ae6ba40e9dbf13143cd3d538d88f08a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

oleacc

oledlg

Exports

Exports

Sections

.text Size: 92KB - Virtual size: 92KB

.data Size: 3KB - Virtual size: 57KB

.idata Size: 2KB - Virtual size: 2KB

.gfids Size: 512B - Virtual size: 168B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 4KB

Password: infected

Password: infected

0467f09a9ac3a8400cf260fd785be3fc

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

Exports

Exports

Sections

.text Size: 339KB - Virtual size: 339KB

.rdata Size: 43KB - Virtual size: 43KB

.data Size: 380KB - Virtual size: 385KB

.idata Size: 3KB - Virtual size: 3KB

.gfids Size: 1KB - Virtual size: 1KB

.00cfg Size: 512B - Virtual size: 260B

.reloc Size: 11KB - Virtual size: 11KB

Password: infected

Password: infected

fcb7e66723aeaab780b1c2b44639282c

Code Sign

b8:b5:8b:6c:fe:39:5e:33:8f:34:76:d1:21:e7:81:39Certificate

Extended Key Usages

Key Usages

01Certificate

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

7b:96:3d:d5:5d:d4:bb:0e:83:52:ca:00:7e:0a:c9:e5:5a:ae:6e:2bSigner

Headers

.text
Size: 24KB - Virtual size: 24KB

.data
Size: 89KB - Virtual size: 108KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 92KB - Virtual size: 92KB

.data
Size: 3KB - Virtual size: 57KB

.idata
Size: 2KB - Virtual size: 2KB

.gfids
Size: 512B - Virtual size: 168B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 339KB - Virtual size: 339KB

.rdata
Size: 43KB - Virtual size: 43KB

.data
Size: 380KB - Virtual size: 385KB

.idata
Size: 3KB - Virtual size: 3KB

.gfids
Size: 1KB - Virtual size: 1KB

.00cfg
Size: 512B - Virtual size: 260B

.reloc
Size: 11KB - Virtual size: 11KB

b8:b5:8b:6c:fe:39:5e:33:8f:34:76:d1:21:e7:81:39
Certificate

01
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

7b:96:3d:d5:5d:d4:bb:0e:83:52:ca:00:7e:0a:c9:e5:5a:ae:6e:2b
Signer

.code
Size: 194KB - Virtual size: 193KB

.rdata
Size: 54KB - Virtual size: 54KB