asyncrat | Business Secrets from the Bible - Rabbi Daniel Lapin[:]Business Secrets from the Bible - Rabbi Daniel Lapin[.]rar

Resubmissions

21/01/2025, 11:11

250121-narffszrcw 3

11/07/2024, 09:15

240711-k7ydgszcql 10

Sharing

Copy URL Twitter E-mail

General

Target

Business Secrets from the Bible - Rabbi Daniel Lapin:Business Secrets from the Bible - Rabbi Daniel Lapin.rar
Size

14.7MB
MD5

9627cc4cc31f3cb951c6ceb73a081a34
SHA1

fc8ea2d0aadf4a6ff2672679fa0042a010264ea9
SHA256

c1e3d43e047756db85237b9c758544154708efb4e78c08a455b951b880aef9d5
SHA512

00fabc91f787e80904278e7e353e20a53b89356fcfe93ad29b2bb7a77bc0be0c0ebf7966974263a3ee5c3f65a2ea08d205934de1f030b051a6de8bf536c5a8d4
SSDEEP

393216:zI3RjLu5HveTLr6j4bCGVlCOEB+H3h0r48haAdQox:zIhj+G3rDRs+Hy48zdQ0

Score

10^/10

qr link (_!_d@ys_!_)asyncrat

Malware Config

Extracted

Family

asyncrat

Version

RIMAWI 1.0.2.9

Botnet

(_!_D@YS_!_)

127.0.0.1:36365

Mutex

AZSXDCFVGBHNqwertyui

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Signatures

Asyncrat family
asyncrat
One or more HTTP URLs in qr code identified
Detects presence of HTTP links in QR codes.
qr link

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack003/AutoHotkey.exe
unpack004/VideoVLC_subtitles.exe

Files

Business Secrets from the Bible - Rabbi Daniel Lapin:Business Secrets from the Bible - Rabbi Daniel Lapin.rar
.rar
Business Secrets from the Bible - Rabbi Daniel Lapin/6546/4.mkv
.rar
NTUSER.BAT{428f9636-1254-e23e3-ada2-03427pie23}.TM.VBS
.vbs
NTUSER.BAT{428f9636-1254-ee23-ada2-080027dede23}.TM.bat
.bat .vbs
NTUSER.DAT{4280000a-1254-11ef-ada2-080007dede23}.TM.blf
NTUSER.DAT{428f1209-1254-11ef-ada2-080027dede23}.TxR.1.ps1
.ps1
NTUSER.DAT{428f1209-1254-13ef-ada4-080027dede23}.TxR.blf
NTUSER.DAT{428f120a-1254-eeeef-ada2-080027dede23}.TM.blf
NTUSER.DAT{428f4444a-13354-11ef-sdd2-080027dede23}.TM.blf
Business Secrets from the Bible - Rabbi Daniel Lapin/6546/5.mkv
.rar
AutoHotkey.exe
.exe windows:5 windows x86 arch:x86

110b84147f78faa83fe4a0b58cab11bd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

recv
socket
getservbyname
WSASetLastError
closesocket
gethostbyaddr
gethostbyname
send
WSAAsyncSelect
WSACleanup
gethostname
inet_ntoa
connect
inet_addr
WSAStartup
ioctlsocket
htonl
WSAGetLastError
htons
ntohs
shutdown
getservbyport

winmm

mixerClose
mixerGetLineControlsW
mixerGetLineInfoW
mixerSetControlDetails
waveOutGetVolume
waveOutSetVolume
mixerGetDevCapsW
mixerOpen
mixerGetControlDetailsW
mciSendStringW
joyGetDevCapsW
joyGetPosEx

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

comctl32

ImageList_GetIconSize
ImageList_Create
ImageList_Destroy
ImageList_AddMasked
ImageList_ReplaceIcon
CreateStatusWindowW
InitCommonControlsEx

psapi

GetModuleBaseNameW
GetModuleFileNameExW

kernel32

OutputDebugStringW
WideCharToMultiByte
GetSystemDirectoryA
GetProcAddress
LoadLibraryA
GetCurrentThreadId
lstrcmpiW
CreateThread
SetThreadPriority
GetExitCodeThread
CloseHandle
CreateMutexW
GetLastError
GetModuleHandleW
GetVersionExW
DeleteCriticalSection
GetModuleFileNameW
GetFileAttributesW
GetFullPathNameW
GetSystemTimeAsFileTime
FindFirstFileW
FindNextFileW
FindClose
FileTimeToLocalFileTime
SetEnvironmentVariableW
Beep
MoveFileW
CreateProcessW
MultiByteToWideChar
GetExitCodeProcess
WriteProcessMemory
ReadProcessMemory
GetCurrentProcessId
OpenProcess
TerminateProcess
SetPriorityClass
SetLastError
GetLocalTime
GetDateFormatW
GetTimeFormatW
GetDiskFreeSpaceW
SetVolumeLabelW
CreateFileW
DeviceIoControl
GetDriveTypeW
FreeLibrary
CreateDirectoryW
ReadFile
WriteFile
DeleteFileW
CopyFileW
SetFileAttributesW
LocalFileTimeToFileTime
SetFileTime
GetFileSizeEx
GetSystemTime
GetSystemDefaultUILanguage
GetComputerNameW
GetWindowsDirectoryW
GetTempPathW
GetShortPathNameW
LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
VirtualProtect
QueryDosDeviceW
CompareStringW
RemoveDirectoryW
GetCurrentProcess
FormatMessageW
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
WritePrivateProfileSectionW
SetEndOfFile
GetACP
GetFileType
GetStdHandle
SetFilePointerEx
SystemTimeToFileTime
FileTimeToSystemTime
GetFileSize
VirtualAllocEx
VirtualFreeEx
EnumResourceNamesW
LoadLibraryExW
FindResourceW
LoadResource
LockResource
SizeofResource
GlobalSize
GetEnvironmentVariableW
GlobalUnlock
GlobalFree
GlobalAlloc
GlobalLock
GetCurrentDirectoryW
SetErrorMode
InitializeCriticalSection
GetCPInfo
SetCurrentDirectoryW
Sleep
GetTickCount
MulDiv
InterlockedIncrement
InterlockedDecrement
GetOEMCP
IsValidCodePage
HeapAlloc
HeapFree
HeapReAlloc
ExitProcess
HeapSize
HeapQueryInformation
GetCommandLineW
HeapSetInformation
GetStartupInfoW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStringTypeW
HeapCreate
InitializeCriticalSectionAndSpinCount
RaiseException
SetHandleCount
IsProcessorFeaturePresent
RtlUnwind
SetFilePointer
LCMapStringW
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetProcessHeap
GetVolumeInformationW
VirtualQuery

user32

IsIconic
RegisterWindowMessageW
GetSysColor
GetSysColorBrush
DrawIconEx
FillRect
DefWindowProcW
SetForegroundWindow
DialogBoxParamW
SendDlgItemMessageW
GetDlgItem
SetDlgItemTextW
IsWindowEnabled
MessageBeep
ClientToScreen
GetCursor
GetLastInputInfo
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuStringW
ExitWindowsEx
SetMenu
FlashWindow
MapWindowPoints
RedrawWindow
SetParent
GetClassInfoExW
GetAncestor
UpdateWindow
GetMessagePos
GetClassLongW
DefDlgProcW
CallWindowProcW
CheckRadioButton
IntersectRect
PtInRect
CreateAcceleratorTableW
DestroyAcceleratorTable
AppendMenuW
SetMenuDefaultItem
RemoveMenu
SetMenuItemInfoW
IsMenu
CreateMenu
CreatePopupMenu
SetMenuInfo
DestroyMenu
TrackPopupMenuEx
CreateIconIndirect
GetDesktopWindow
CopyImage
CreateIconFromResourceEx
EnumClipboardFormats
GetWindow
BringWindowToTop
GetTopWindow
IsZoomed
SystemParametersInfoW
AdjustWindowRectEx
DrawTextW
SetRect
GetIconInfo
SetWindowTextW
IsWindowVisible
GetMenu
CheckMenuItem
LoadImageW
EnableMenuItem
ChangeClipboardChain
GetQueueStatus
LoadAcceleratorsW
CreateWindowExW
RegisterClassExW
LoadCursorW
DestroyIcon
DestroyWindow
IsCharAlphaW
MapVirtualKeyW
MapVirtualKeyExW
VkKeyScanExW
GetWindowTextW
mouse_event
WindowFromPoint
GetSystemMetrics
keybd_event
SetKeyboardState
GetKeyboardState
GetCursorPos
GetAsyncKeyState
AttachThreadInput
UnregisterHotKey
RegisterHotKey
PostQuitMessage
SendMessageTimeoutW
UnhookWindowsHookEx
SetWindowsHookExW
PostThreadMessageW
IsCharUpperW
IsCharLowerW
IsCharAlphaNumericW
ToUnicodeEx
GetKeyboardLayout
CallNextHookEx
CharLowerW
ReleaseDC
GetDC
MessageBoxW
OpenClipboard
GetClipboardData
GetClipboardFormatNameW
CloseClipboard
SetClipboardData
EmptyClipboard
PostMessageW
EnumWindows
GetWindowTextLengthW
EnableWindow
InvalidateRect
SetLayeredWindowAttributes
SetWindowPos
SetWindowRgn
SetFocus
GetGUIThreadInfo
SetActiveWindow
EnumChildWindows
MoveWindow
FindWindowW
EndDialog
IsWindow
DispatchMessageW
TranslateMessage
ShowWindow
CountClipboardFormats
SetWindowLongW
ScreenToClient
IsDialogMessageW
SendMessageW
GetWindowLongW
GetKeyState
TranslateAcceleratorW
KillTimer
PeekMessageW
GetFocus
GetClassNameW
GetWindowThreadProcessId
GetForegroundWindow
GetMessageW
SetTimer
GetParent
GetDlgCtrlID
CharUpperW
IsClipboardFormatAvailable
GetWindowRect
SetClipboardViewer
GetClientRect
SendInput

gdi32

SetBkColor
GdiFlush
CreateDIBSection
GetPixel
BitBlt
CreateCompatibleBitmap
GetSystemPaletteEntries
EnumFontFamiliesExW
SetBkMode
GetCharABCWidthsW
GetClipBox
FillRgn
GetClipRgn
ExcludeClipRect
GetDeviceCaps
DeleteObject
CreateFontW
CreateSolidBrush
GetDIBits
CreateCompatibleDC
CreatePolygonRgn
CreateRectRgn
CreateRoundRectRgn
CreateEllipticRgn
DeleteDC
GetObjectW
GetTextMetricsW
GetTextFaceW
SelectObject
GetStockObject
CreateDCW
SetTextColor

comdlg32

CommDlgExtendedError
GetOpenFileNameW
GetSaveFileNameW

advapi32

LockServiceDatabase
CloseServiceHandle
UnlockServiceDatabase
OpenSCManagerW
GetUserNameW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegConnectRegistryW
RegCloseKey
RegOpenKeyExW
OpenProcessToken

shell32

DragQueryPoint
SHFileOperationW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetDesktopFolder
SHGetMalloc
SHGetFolderPathW
ShellExecuteExW
Shell_NotifyIconW
DragFinish
DragQueryFileW
ExtractIconW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
CoInitialize
CoUninitialize
CLSIDFromString
CoGetObject
StringFromGUID2
CreateStreamOnHGlobal

oleaut32

SafeArrayDestroy
GetActiveObject
SysStringLen
SysFreeString
SafeArrayCreate
VariantClear
VariantChangeType
SysAllocString
SafeArrayCopy
VariantCopyInd
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayLock
SafeArrayPtrOfIndex
SafeArrayUnlock
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayUnaccessData
OleLoadPicture

Sections

.text
Size: 697KB - Virtual size: 697KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
NTUSER.ahk{428f9636-1254-e23e3-ada2-03427pie22}.TM.ahk
NTUSER.bat{428f9636-1254-e23e3-ada2-03427pie22}.TM.bat
.bat .vbs
NTUSER.vbs{428f9636-1254-e23e3-ada2-03427pie22}.TM.vbs
.vbs
Business Secrets from the Bible - Rabbi Daniel Lapin/6546/8.mkv
.zip
VideoVLC_Subtitle.ps1
.ps1
VideoVLC_subtitles.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 20.4MB - Virtual size: 20.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Business Secrets from the Bible - Rabbi Daniel Lapin/6546/Business Secrets from the Bible - Rabbi Daniel Lapin.epub
.zip
META-INF/container.xml
OPS/WileyTemplate_v5.5.css
OPS/b01.xhtml
.html
OPS/b02.xhtml
.html
OPS/b03.xhtml
.html
OPS/b04.xhtml
.html
OPS/c01.xhtml
.html
OPS/c02.xhtml
.html
OPS/c03.xhtml
.html
OPS/c04.xhtml
.html
OPS/c05.xhtml
.html
OPS/c06.xhtml
.html
OPS/c07.xhtml
.html
OPS/c08.xhtml
.html
OPS/c09.xhtml
.html
OPS/c10.xhtml
.html
OPS/c11.xhtml
.html
OPS/c12.xhtml
.html
OPS/c13.xhtml
.html
OPS/c14.xhtml
.html
OPS/c15.xhtml
.html
OPS/c16.xhtml
.html
OPS/c17.xhtml
.html
OPS/c18.xhtml
.html
OPS/c19.xhtml
.html
OPS/c20.xhtml
.html
OPS/c21.xhtml
.html
OPS/c22.xhtml
.html
OPS/c23.xhtml
.html
OPS/c24.xhtml
.html
OPS/c25.xhtml
.html
OPS/c26.xhtml
.html
OPS/c27.xhtml
.html
OPS/c28.xhtml
.html
OPS/c29.xhtml
.html
OPS/c30.xhtml
.html
OPS/c31.xhtml
.html
OPS/c32.xhtml
.html
OPS/c33.xhtml
.html
OPS/c34.xhtml
.html
OPS/c35.xhtml
.html
OPS/c36.xhtml
.html
OPS/c37.xhtml
.html
OPS/c38.xhtml
.html
OPS/c39.xhtml
.html
OPS/c40.xhtml
.html
OPS/content.opf
OPS/cover.xhtml
.html
OPS/eula.xhtml
.html
OPS/f01.xhtml
.html
OPS/f02.xhtml
.html
OPS/f03.xhtml
.html
OPS/f04.xhtml
.html
OPS/images/9781394215898.jpg
.jpg
OPS/images/PublisherAdPages2024_Page01.png
.png
- https://www.wehappywarriors.com/email-list-opt-in
OPS/images/PublisherAdPages2024_Page02.png
.png
- https://www.wehappywarriors.com/offers/wqVmhjRm
OPS/images/PublisherAdPages2024_Page03.png
.png
- http://www.wehappywarriors.com/book-of-ruth-free-lesson-signup
- https://www.wehappywarriors.com/the-gathering-storm
OPS/images/PublisherAdPages2024_Page04.png
.png
OPS/images/PublisherAdPages2024_Page05.png
.png
OPS/images/badverti001.png
.png
OPS/images/badvertuf001.png
.png
OPS/images/c10uf001.png
.png
OPS/images/c10uf002.png
.png
OPS/images/c24uf001.png
.png
OPS/images/icon.png
.png
OPS/images/logo.png
.png
OPS/index.css
OPS/navigation.xhtml
.html
OPS/toc.ncx
.xml
mimetype
Business Secrets from the Bible - Rabbi Daniel Lapin/Business Secrets from the Bible - Rabbi Daniel Lapin.lnk
.lnk
Business Secrets from the Bible - Rabbi Daniel Lapin/RM.TXT

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

110b84147f78faa83fe4a0b58cab11bd

Headers

File Characteristics

Imports

wsock32

winmm

version

comctl32

psapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 697KB - Virtual size: 697KB

.rdata Size: 149KB - Virtual size: 149KB

.data Size: 12KB - Virtual size: 39KB

.rsrc Size: 37KB - Virtual size: 37KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 20.4MB - Virtual size: 20.4MB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 697KB - Virtual size: 697KB

.rdata
Size: 149KB - Virtual size: 149KB

.data
Size: 12KB - Virtual size: 39KB

.rsrc
Size: 37KB - Virtual size: 37KB

.text
Size: 20.4MB - Virtual size: 20.4MB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 12B