Note[.]vhd | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Note.vhd
Size

6.0MB
MD5

5b6c6c67a52d18fdfbd0acce82944df4
SHA1

791c0a1683a850b93ccfc7d85d229eef2b73f0c2
SHA256

1dde36d69c7aad2d986e72dcc378c0953fe783c3c600ae75565fa765b71a57c9
SHA512

6c7200fe462f9236a36979c029f8cf3866f9bf7b3f086c8359ef33331d0cb9c8201fe77ec586c12a21d15ac714dc340af5ca457df25b67b994d23410135df905
SSDEEP

6144:jrZn7y/EGuH/cpibZkh1N8fRa429yoh3rtQ5kEdMPNArd+mw:3UDuH/c8tkh1NR4joh7q5COr

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack002/_/_/_/_/_/_/_/_/_/_/_/_/Gemail.exe
unpack002/_/_/_/_/_/_/_/_/_/_/_/_/kave8.dll

Files

Note.vhd
.vhd
out.vhd
.vhd
$RECYCLE.BIN/S-1-5-21-4225583169-3553244499-1582489431-1001/desktop.ini
Note US.lnk
.lnk
System Volume Information/IndexerVolumeGuid
System Volume Information/WPSettings.dat
_/_/_/_/_/_/_/_/_/_/_/_/Gemail.exe
.exe windows:6 windows x86 arch:x86

fe5fa2fad8a8ea3149c7e07af82de025

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\a\b\a_6F13CAD0_\b\out_Win32\Release\TestMon.pdb

Imports

kernel32

EnterCriticalSection
ReleaseSemaphore
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
GetLastError
CloseHandle
DeleteCriticalSection
CreateSemaphoreA
GetModuleFileNameW
MultiByteToWideChar
GetProcAddress
FreeLibrary
LoadLibraryExW
WriteConsoleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
RaiseException
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetConsoleCP
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
GetFileType
WideCharToMultiByte
CreateFileW
GetConsoleMode
SetConsoleMode
ReadConsoleInputW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
GetStringTypeW
FlushFileBuffers
GetFileSizeEx
SetFilePointerEx
HeapSize
HeapReAlloc
DecodePointer

Sections

.text
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
_/_/_/_/_/_/_/_/_/_/_/_/kave8.dll
.dll windows:5 windows x86 arch:x86

f000c650eb6212d35be922c8d59da6ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
HeapCreate
VirtualProtect
lstrlenW
GetModuleFileNameW
lstrlenA
lstrcatA
EnumSystemLocalesA
CopyFileA
LoadLibraryA
CloseHandle
FreeConsole
HeapAlloc
GetProcAddress
ExitProcess
CreateProcessA
CreateDirectoryA
CreateFileW
DecodePointer
WriteConsoleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
HeapFree
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
RaiseException

shlwapi

PathRemoveFileSpecA

rpcrt4

UuidFromStringA

Exports

Exports

CreateInterface
DeleteInterface
kavef01
kavef02
kavef03
kavef04
kavef05
kavef06
kavef07
kavef08
kavef100
kavef101
kavef102
kavef103
kavef104
kavef105
kavef106
kavef107
kavef108
kavef109
kavef11
kavef110
kavef12
kavef13
kavef14
kavef15
kavef16
kavef17
kavef18
kavef19
kavef20
kavef200
kavef201
kavef202
kavef203
kavef204
kavef205
kavef206
kavef207
kavef208
kavef209
kavef21
kavef210
kavef211
kavef212
kavef213
kavef22
kavef23
kavef24
kavef25
kavef26
kavef27
kavef28
kavef29
kavef30
kavef300
kavef301
kavef302
kavef31
kavef32
kavef33
kavef34
kavef35
kavef36
kavef37
kavef38
kavef39
kavef40
kavef41
kavef42
kavef43
kavef44
kavef45
kavef46
kavef47
kavef48
kavef49
kavef50
kavef51
kavef52
kavef53
kavef54
kavef55
kavef56
kavef57
kavef58
kavef59
kavef60
kavef61
kavef62
kavef63
kavef64
kavef65
kavef66
kavef68
kavef69
kavef70
kavef71
kavef72
kavef73
kavef74
kavef75
kavef76
kavef77
kavef78
kavef79
kavef80
kavef81
kavef82
kavef83
kavef84
kavef85
kavef86
kavef87
kavef88
kavef89
kavef90
kavef91
kavef92
kavef93
kavef94
kavef95
kavef96
kavef97
kavef98
kavef99

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe5fa2fad8a8ea3149c7e07af82de025

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 77KB - Virtual size: 76KB

.rdata Size: 31KB - Virtual size: 31KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 1024B - Virtual size: 968B

.reloc Size: 6KB - Virtual size: 5KB

f000c650eb6212d35be922c8d59da6ea

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shlwapi

rpcrt4

Exports

Exports

Sections

.text Size: 42KB - Virtual size: 42KB

.rdata Size: 56KB - Virtual size: 56KB

.data Size: 2KB - Virtual size: 4KB

.gfids Size: 512B - Virtual size: 160B

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 77KB - Virtual size: 76KB

.rdata
Size: 31KB - Virtual size: 31KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 1024B - Virtual size: 968B

.reloc
Size: 6KB - Virtual size: 5KB

.text
Size: 42KB - Virtual size: 42KB

.rdata
Size: 56KB - Virtual size: 56KB

.data
Size: 2KB - Virtual size: 4KB

.gfids
Size: 512B - Virtual size: 160B

.reloc
Size: 5KB - Virtual size: 4KB