agenttesla | c4990aebded04b1f4a9c34072e736771183d8dcd091adf27ede3cb8c04ba520c

Sharing

Copy URL

Twitter E-mail

General

Target

c4990aebded04b1f4a9c34072e736771183d8dcd091adf27ede3cb8c04ba520c
Size

5.7MB
MD5

15317a0db98ac9c90ec9b3b9dd22dc3f
SHA1

6162baa5bed419865a92779617522814451b7306
SHA256

c4990aebded04b1f4a9c34072e736771183d8dcd091adf27ede3cb8c04ba520c
SHA512

0adee4da5a7c73d18b4dddf403c53447e38260e651714c5a3cd2cb9cb6ca6111e050a7bf6d8885ecae384c01ed332ee946f99c020b216039d972c6ea7cff9949
SSDEEP

98304:F2tnm4+igyfxCuqTr0XQZrirlfIls1M/AXJAp9nsYInfyDC4/P6adbFWl/U:8U4VbJw/gorirlIXkJ898fJ+6ads+

Score

10^/10

botnet upx agenttesla mirai

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
cp8nl.hyperhost.ua
Port:
587
Username:
[email protected]
Password:
@qwerty90123
Email To:
[email protected]

Extracted

Family

mirai

Botnet

BOTNET

Signatures

Agenttesla family
agenttesla
Mirai family
mirai

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/36a837a789f23110df93012b7da12c54857e10f342467d9ba2c0d0e2b2471fed.elf	upx

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack001/0477d366c3dce1723cf124fc263a85654b4454909dffcc0d325020f1187e4f34.exe
unpack001/0cdc65a0b7fa4c5628fa770639f41f2ccc8660bc1df91817f7d8afe59f2ef2ae.exe
unpack001/0f59ce549544ddeaf45168bce4908445413c92c48b7baaefd317e36658796642.exe
unpack001/4c677969cde4b12fede4247e99653415ccf938d98d4958d99af13193cefab844.exe
unpack001/57430074bee1e7a668e0ece81119fcc8595a70c8a0e6be3d98bf1cc455f4fd49.exe
unpack001/68a9e97be5bec9fba6108897ebef0a1f00dec90cf894071dc80ba0fed62a2999.exe
unpack001/7a976ca005082ab7acea1a46330935bfdfeedf70f37f1707122b7335fa7201ae.exe
unpack003/CV Elena Alba Garcia.exe
unpack004/TEKLİF TALEP VE FİYAT TEKLİFİ_xlxs.exe
unpack001/fa396ba6c1ae4e9c786cff1a78012d86bd9a896f4999d4ba3b90864021fa806c.exe

Files

c4990aebded04b1f4a9c34072e736771183d8dcd091adf27ede3cb8c04ba520c
.zip

Password: infected
0477d366c3dce1723cf124fc263a85654b4454909dffcc0d325020f1187e4f34.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
0cdc65a0b7fa4c5628fa770639f41f2ccc8660bc1df91817f7d8afe59f2ef2ae.exe
.exe windows:5 windows x86 arch:x86

bf5a4aa99e5b160f8521cadd6bfe73b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Imports

kernel32

RaiseException
GetLastError
MultiByteToWideChar
lstrlenA
InterlockedDecrement
GetProcAddress
LoadLibraryA
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceA
GetModuleHandleA
Module32Next
CloseHandle
Module32First
CreateToolhelp32Snapshot
GetCurrentProcessId
SetEndOfFile
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
HeapFree
GetProcessHeap
HeapAlloc
GetCommandLineA
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
HeapSize
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
ReadFile
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
FlushFileBuffers
SetFilePointer
SetHandleCount
GetFileType
GetStartupInfoA
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
CompareStringA
CompareStringW
SetEnvironmentVariableA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA

ole32

OleInitialize

oleaut32

SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayCreateVector
VariantClear
VariantInit
SysFreeString
SysAllocString

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
0f59ce549544ddeaf45168bce4908445413c92c48b7baaefd317e36658796642.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
16a7955213e4a78c58b8babe250d09e36e5567e18c7396bb7326af907e604ef9.elf
.elf linux mipsel
1d6d36ec589cbecea839e3b4a5156a35f48436847043f2e1f307f6579e7893e2.vbs
36a837a789f23110df93012b7da12c54857e10f342467d9ba2c0d0e2b2471fed.elf
.elf linux mipsel
4c677969cde4b12fede4247e99653415ccf938d98d4958d99af13193cefab844.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

LHjd.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 632KB - Virtual size: 632KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
57430074bee1e7a668e0ece81119fcc8595a70c8a0e6be3d98bf1cc455f4fd49.exe
.exe windows:5 windows x86 arch:x86

bf5a4aa99e5b160f8521cadd6bfe73b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Imports

kernel32

RaiseException
GetLastError
MultiByteToWideChar
lstrlenA
InterlockedDecrement
GetProcAddress
LoadLibraryA
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceA
GetModuleHandleA
Module32Next
CloseHandle
Module32First
CreateToolhelp32Snapshot
GetCurrentProcessId
SetEndOfFile
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
HeapFree
GetProcessHeap
HeapAlloc
GetCommandLineA
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
HeapSize
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
ReadFile
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
FlushFileBuffers
SetFilePointer
SetHandleCount
GetFileType
GetStartupInfoA
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
CompareStringA
CompareStringW
SetEnvironmentVariableA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA

ole32

OleInitialize

oleaut32

SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayCreateVector
VariantClear
VariantInit
SysFreeString
SysAllocString

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
68a9e97be5bec9fba6108897ebef0a1f00dec90cf894071dc80ba0fed62a2999.exe
.exe windows:5 windows x64 arch:x64

b1c5b1beabd90d9fdabd1df0779ea832

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb

Imports

kernel32

LocalFree
GetLastError
SetLastError
FormatMessageW
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
GetCurrentProcessId
CreateDirectoryW
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetModuleFileNameW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
ExpandEnvironmentStringsW
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
LockResource
GlobalLock
GlobalUnlock
GlobalFree
GlobalMemoryStatusEx
LoadResource
SizeofResource
GetTimeFormatW
GetDateFormatW
GetExitCodeProcess
GetLocalTime
GetTickCount
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetNumberFormatW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RtlUnwindEx
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
GetStringTypeW
HeapReAlloc
LCMapStringW
FindFirstFileExA

oleaut32

SysAllocString
SysFreeString
VariantClear

gdiplus

GdipCloneImage
GdipFree
GdipDisposeImage
GdipCreateBitmapFromStream
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdiplusShutdown
GdipAlloc

Sections

.text
Size: 282KB - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7a976ca005082ab7acea1a46330935bfdfeedf70f37f1707122b7335fa7201ae.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 242KB - Virtual size: 242KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
950908d3fcdebad1d68f28d7e05251fe94f15746e2105eb76335dabc3a1078a6.7z
.rar
SKGHM_PE_757583588358839538539599593BeoersKnucklehead.vbs
e0d349137260345e94ccb0f523cb839fce339e1ae6ef0fd86f6dcb0de29f2580.zip
.zip
CV Elena Alba Garcia.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

LHjd.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 632KB - Virtual size: 632KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
f053e99abfffeab70d5839f46eb1b6338ddc77cb73ba1663c4f8968eab9d7a8c.z
.rar
TEKLİF TALEP VE FİYAT TEKLİFİ_xlxs.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
fa396ba6c1ae4e9c786cff1a78012d86bd9a896f4999d4ba3b90864021fa806c.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 867KB - Virtual size: 867KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 21KB - Virtual size: 20KB

.rsrc Size: 5KB - Virtual size: 5KB

bf5a4aa99e5b160f8521cadd6bfe73b8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ole32

oleaut32

Sections

.text Size: 102KB - Virtual size: 101KB

.rdata Size: 27KB - Virtual size: 27KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 126KB - Virtual size: 125KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 234KB - Virtual size: 234KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 632KB - Virtual size: 632KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

bf5a4aa99e5b160f8521cadd6bfe73b8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ole32

oleaut32

Sections

.text Size: 102KB - Virtual size: 101KB

.rdata Size: 27KB - Virtual size: 27KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 129KB - Virtual size: 128KB

b1c5b1beabd90d9fdabd1df0779ea832

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

oleaut32

gdiplus

Sections

.text Size: 282KB - Virtual size: 281KB

.rdata Size: 74KB - Virtual size: 74KB

.data Size: 6KB - Virtual size: 57KB

.pdata Size: 12KB - Virtual size: 12KB

.didat Size: 1024B - Virtual size: 864B

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 64KB - Virtual size: 63KB

.text
Size: 21KB - Virtual size: 20KB

.rsrc
Size: 5KB - Virtual size: 5KB

.text
Size: 102KB - Virtual size: 101KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 126KB - Virtual size: 125KB

.text
Size: 234KB - Virtual size: 234KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 632KB - Virtual size: 632KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 102KB - Virtual size: 101KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 129KB - Virtual size: 128KB

.text
Size: 282KB - Virtual size: 281KB

.rdata
Size: 74KB - Virtual size: 74KB

.data
Size: 6KB - Virtual size: 57KB

.pdata
Size: 12KB - Virtual size: 12KB

.didat
Size: 1024B - Virtual size: 864B

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 64KB - Virtual size: 63KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 242KB - Virtual size: 242KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 632KB - Virtual size: 632KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 21KB - Virtual size: 20KB

.rsrc
Size: 5KB - Virtual size: 5KB

.text
Size: 867KB - Virtual size: 867KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 12B