General

Malware Config

Signatures

Files

• s.zip.zip

  .zip

  Password: infected

• s.zip

  .zip

  Password: infected

• db7cd6d0f75ddf78e0e6e09119d9071df07b50ef3f5289d474921adba4f35047.iso

  .iso
• Document.lnk

  .lnk
• hey/superstring.dll

  .dll .js windows:6 windows x64 arch:x64 polyglot

  a52e5c67083c9a6469ce9283f8b67c82

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_DLL

  Imports

  kernel32

  WaitForSingleObjectEx

  CreateEventW

  OpenEventW

  VirtualAlloc

  CloseHandle

  usp10

  ScriptStringGetOrder

  ScriptGetFontAlternateGlyphs

  ole32

  OleQueryCreateFromData

  OleTranslateAccelerator

  StgCreatePropStg

  Exports

  Exports

  MMdIfEzjTRTMf

  PrPLlcFIDhjM

  RbijOueUefJVZaM

  TDvVBhCTzraQ

  TdPDbFrAWSPdEKqZ

  VRLfArwvMiEFiGx

  VTRItTHWuSOqXxqr

  VgxXOnyXxBAJK

  fuadsyguasgduhaisudjyuagsdua

  iasfsgpELrVmJ

  kRNIciuuPyv

  qWsGwsFPXXwN

  rmrKKkuldHY

  vMjDGnbaECjI

  wPSEHNPbjettJ

  Sections

  .text

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 721KB - Virtual size: 720KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: 1024B - Virtual size: 534B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 512B - Virtual size: 480B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .grHx

  Size: 1024B - Virtual size: 1024B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

• hey/twelfth.bat