Vinci_Energies_augmentations[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

Vinci_Energies_augmentations.rar
Size

973KB
MD5

b25c1614cb25c1d300c9e4465e682dd9
SHA1

b0d08da07b96afd0a9cf952253decf01c7c21b4d
SHA256

5935ac89c912ab9c293bdce2b45e37ab1972966ef518e84af87a4ca24f25d342
SHA512

159a0d8eab6ebd6778364dce7516baf6086ab573f6389e06302fa9435eeda55bd938f66041f343cd6a2f67de41e71539e1f6e0bfed11aec3ec44b108bde90606
SSDEEP

24576:2UGWOJob1/7qX4+3k3+GzhFF3E61QirExftr06zmo:2UGpJOVsx0+gz2+prqfhnv

Score

3^/10

pdf link

Malware Config

Signatures

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/h.dat

Files

Vinci_Energies_augmentations.rar
.rar
Documents.vbs
.vbs
Documents/2023-vinci-consolidated-financial-statements.pdf
.pdf
Documents/Vinci-400x400.jpg
.jpg
Documents/vinci-2023-annual-results.pdf
.pdf
- http://www.vinci.com/
- https://channel.royalcast.com/landingpage/vinci/20240208_1/
- https://channel.royalcast.com/landingpage/vincifr/20240208_1/
- http://vinci.com
- https://channel.royalcast.com/landingpage/vincifr/20240208_1/en-GB
- https://channel.royalcast.com/landingpage/vinci/20240208_1/en-GB
h.dat
.dll regsvr32 windows:6 windows x64 arch:x64

ac63820197ed479f8c048b79de3bcec1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetFileSize
GetProcAddress
CreateThread
CloseHandle
CreateFileA
GetModuleHandleA
ReleaseMutex
WaitForSingleObject
CreateMutexW
RtlLookupFunctionEntry
ReadFile
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId
GetSystemTimeAsFileTime
RtlCaptureContext

advapi32

CryptDestroyKey
CryptAcquireContextW
CryptDecrypt
CryptCreateHash
CryptDeriveKey
CryptHashData
CryptDestroyHash
CryptReleaseContext

vcruntime140

memset
__std_type_info_destroy_list
__C_specific_handler
memcpy

api-ms-win-crt-string-l1-1-0

strcat_s
strcpy_s

api-ms-win-crt-environment-l1-1-0

_dupenv_s

api-ms-win-crt-runtime-l1-1-0

_cexit
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
z.dat

Sharing

General

Malware Config

Signatures

Files

ac63820197ed479f8c048b79de3bcec1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 528B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 512B - Virtual size: 44B

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 528B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 512B - Virtual size: 44B