C:\yawapih_yasayotemoyofu\ritajesenafume\duboyitefe\yufaxi.pdb
Overview
overview
10Static
static
3a041839327...d1.exe
windows7-x64
10a041839327...d1.exe
windows10-1703-x64
10a041839327...d1.exe
windows10-2004-x64
10a041839327...d1.exe
windows11-21h2-x64
10b102ed1018...01.exe
windows7-x64
10b102ed1018...01.exe
windows10-1703-x64
10b102ed1018...01.exe
windows10-2004-x64
10b102ed1018...01.exe
windows11-21h2-x64
1650f0d694c...7e.exe
windows7-x64
10650f0d694c...7e.exe
windows10-1703-x64
10650f0d694c...7e.exe
windows10-2004-x64
10650f0d694c...7e.exe
windows11-21h2-x64
1Static task
static1
Behavioral task
behavioral1
Sample
a041839327295fde3df12ea61374abd19c4499b87e211757c593179d6a6870d1.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a041839327295fde3df12ea61374abd19c4499b87e211757c593179d6a6870d1.exe
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
a041839327295fde3df12ea61374abd19c4499b87e211757c593179d6a6870d1.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral4
Sample
a041839327295fde3df12ea61374abd19c4499b87e211757c593179d6a6870d1.exe
Resource
win11-20240412-en
Behavioral task
behavioral5
Sample
b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
Resource
win10-20240404-en
Behavioral task
behavioral7
Sample
b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral8
Sample
b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
Resource
win11-20240412-en
Behavioral task
behavioral9
Sample
650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe
Resource
win10-20240404-en
Behavioral task
behavioral11
Sample
650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral12
Sample
650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe
Resource
win11-20240412-en
General
-
Target
Desktop.rar
-
Size
198KB
-
MD5
7f7effdc4c7a19c224be6237dff8d701
-
SHA1
3897e1baf0d072d606f77b7b07ad58ecfb2da380
-
SHA256
c80fed268a0c461e382fe561fb0e94f41f4d1c4d611858bc56ea6118293e3de1
-
SHA512
8b17efb97c460d6f5cf7010206e3180992455beb1d6180c2aed5db045d4770401ffd2513790e2fcff605948ce5c23acf580e2a8d51919eabc1da3b5b6ebe9d13
-
SSDEEP
3072:IZL3PGErh57/VTnpKvp5QcHck6wyagpd5h11ANXqIJSw78RQSzipSoqI9oFKD29L:IxeI5TpYStkvyJpZfANXqIJyUcVu2x
Malware Config
Signatures
-
Unsigned PE 3 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack002/a041839327295fde3df12ea61374abd19c4499b87e211757c593179d6a6870d1 unpack003/b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801 unpack004/650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e
Files
-
Desktop.rar.rar .zip polyglot
-
AZOV_2.zip.zip
Password: infected
-
a041839327295fde3df12ea61374abd19c4499b87e211757c593179d6a6870d1.exe windows:5 windows x86 arch:x86
f1fc6bebd2ae7f3a8d696e55bbb6e33b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetConsoleAliasExesA
MoveFileExA
SetEndOfFile
InterlockedDecrement
WaitNamedPipeA
WriteConsoleInputA
SetComputerNameW
CreateHardLinkA
GetTickCount
GetConsoleAliasesLengthA
GetGeoInfoW
WriteFile
GetConsoleCP
LoadLibraryW
Sleep
ReadConsoleInputA
AssignProcessToJobObject
HeapDestroy
GetFileAttributesA
EnumSystemCodePagesA
CreateMutexW
GetFileAttributesW
WriteConsoleW
GetSystemDirectoryA
lstrlenW
LCMapStringA
GetLastError
GetProcAddress
VirtualAlloc
LoadLibraryA
WriteConsoleA
UnhandledExceptionFilter
OpenWaitableTimerW
LocalAlloc
AddAtomW
CreateEventW
FindNextFileW
GetFileAttributesExW
LCMapStringW
GetConsoleAliasW
GetSystemDefaultLangID
HeapAlloc
GetModuleHandleW
ExitProcess
GetStartupInfoW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapFree
VirtualFree
HeapReAlloc
HeapCreate
GetStdHandle
GetModuleFileNameA
RtlUnwind
SetHandleCount
GetFileType
GetStartupInfoA
SetFilePointer
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WideCharToMultiByte
GetConsoleMode
MultiByteToWideChar
CloseHandle
CreateFileA
SetStdHandle
HeapSize
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetConsoleOutputCP
FlushFileBuffers
GetProcessHeap
ReadFile
RaiseException
advapi32
IsTokenUntrusted
Sections
.text Size: 64KB - Virtual size: 64KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 100KB - Virtual size: 40.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 56KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 33KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
AZOV_3.zip.zip
Password: infected
-
b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe windows:1 windows x64 arch:x64
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
.code Size: 31KB - Virtual size: 31KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
-
AZOV_X64_1.zip.zip
Password: infected
-
650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe windows:1 windows x64 arch:x64
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
.code Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ