OverHon[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

OverHon.zip
Size

5.3MB
MD5

0de218c0aca8e631e2b495be59adac56
SHA1

14bf3d5e43ad852bcc1aa8069f990b4a49092eaa
SHA256

6a47116485dd5547f26d29e52204a35ceab3b87e368002764ab7b0b019ea2f91
SHA512

0349c6554c3514d435ba256fcfb10f1d37a4c5f1cb06620d8494ba23d306310686339a7262a9186204f2c4fd41528796519c00a36a40c17ff22d063905baa8a4
SSDEEP

98304:PsM4mGjW06bhLwwBeUR7HW5despyG3I5CnDEMalwAcfYYag:PsM4mGi06FLpbR7mJI5CNaz9YP

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/JeakV1.exe
unpack001/JeakV2.exe

Files

OverHon.zip
.zip

Password: 2727
Inf/ArOmodPpmk.xml
.xml
Inf/BHnfCNKJJr.xml
.xml
Inf/DbYgtRCNoe.xml
.xml
Inf/FLnwJaEDnM.xml
.xml
Inf/FcydhtoAxs.xml
.xml
Inf/FrzBQTmCSj.xml
.xml
Inf/HIuTTeBcCw.xml
.xml
Inf/IBwmVYGXmR/BbhEarEBHN.xml
.xml
Inf/IBwmVYGXmR/CWTlBZwakb.xml
.xml
Inf/IBwmVYGXmR/CZkFeZxJAo.xml
.xml
Inf/IBwmVYGXmR/ENhjUpGcDq.xml
.xml
Inf/IBwmVYGXmR/ErqNReLmpJ.xml
.xml
Inf/IBwmVYGXmR/FeozGtGNRG.xml
.xml
Inf/IBwmVYGXmR/IAtVjqCzGU.xml
.xml
Inf/IBwmVYGXmR/IwtCXSeAoo.xml
.xml
Inf/IBwmVYGXmR/JqPokhsyjl.xml
.xml
Inf/IBwmVYGXmR/LaoEVjhQFm.xml
.xml
Inf/IBwmVYGXmR/LoKvZQSnlo.xml
.xml
Inf/IBwmVYGXmR/NuYCtLKHmc.xml
.xml
Inf/IBwmVYGXmR/RFCkCqmOyr.xml
.xml
Inf/IBwmVYGXmR/SQKsWKeQhy.xml
.xml
Inf/IBwmVYGXmR/UVBgTqKnDt.xml
.xml
Inf/IBwmVYGXmR/VgZSggDbub.xml
.xml
Inf/IBwmVYGXmR/VqMkVsPevH.xml
.xml
Inf/IBwmVYGXmR/XCXytCEXGb.xml
.xml
Inf/IBwmVYGXmR/XRkuwngabJ.xml
.xml
Inf/IBwmVYGXmR/YOvHZQhNdN.xml
.xml
Inf/IBwmVYGXmR/azDDrgwmhF.xml
.xml
Inf/IBwmVYGXmR/dzxMyNjpKF.xml
.xml
Inf/IBwmVYGXmR/fKQukFJKtM.xml
.xml
Inf/IBwmVYGXmR/fWUzRHXUTz.xml
.xml
Inf/IBwmVYGXmR/ivcMhSCwYs.xml
.xml
Inf/IBwmVYGXmR/jeeMyFnHBD.xml
.xml
Inf/IBwmVYGXmR/oAfTLlbWer.xml
.xml
Inf/IBwmVYGXmR/oCLhEsZoos.xml
.xml
Inf/IBwmVYGXmR/oXwAxbxbUf.xml
.xml
Inf/IBwmVYGXmR/ozWdYdRkIE.xml
.xml
Inf/IBwmVYGXmR/sIoWuwPUub.xml
.xml
Inf/IBwmVYGXmR/tmUyYOMDpY.xml
.xml
Inf/IBwmVYGXmR/uHEBKfCkkt.xml
.xml
Inf/IBwmVYGXmR/uHvOcvAvUJ.xml
.xml
Inf/IBwmVYGXmR/vmWxhVrSJT.xml
.xml
Inf/IBwmVYGXmR/wGMDVIsMTk.xml
.xml
Inf/IBwmVYGXmR/wbfaKBWOrO.xml
.xml
Inf/IBwmVYGXmR/zYcLVYjJFU.xml
.xml
Inf/KDDRBNFFSw.xml
.xml
Inf/MTpWFDOfif.xml
.xml
Inf/NFZvMpoPqC.xml
.xml
Inf/NTFvZoreQG.xml
.xml
Inf/VGUpNYLWkW.xml
.xml
Inf/WLndXDbPuW.xml
.xml
Inf/bssBLEzzBW/BDacScqqFz.xml
.xml
Inf/bssBLEzzBW/CCWCAJWWCf.xml
.xml
Inf/bssBLEzzBW/CPvJyjWfYi.xml
.xml
Inf/bssBLEzzBW/DTfdASfrtb.xml
.xml
Inf/bssBLEzzBW/DaqylOrMst.xml
.xml
Inf/bssBLEzzBW/GeLiaZhJyM.xml
.xml
Inf/bssBLEzzBW/JWMAHhdyIH.xml
.xml
Inf/bssBLEzzBW/KwBdYlYYQb.xml
.xml
Inf/bssBLEzzBW/LhGSNVwtcC.xml
.xml
Inf/bssBLEzzBW/LssvcUzOEb.xml
.xml
Inf/bssBLEzzBW/OTlpbETStB.xml
.xml
Inf/bssBLEzzBW/QQMgRmFbBi.xml
.xml
Inf/bssBLEzzBW/QQXkowWaDA.xml
.xml
Inf/bssBLEzzBW/QrbXCIMJGG.xml
.xml
Inf/bssBLEzzBW/RKJUSjnKBR.xml
.xml
Inf/bssBLEzzBW/TKpSECKfgE.xml
.xml
Inf/bssBLEzzBW/UAqAZMfjLE.xml
.xml
Inf/bssBLEzzBW/VlHextqSBJ.xml
.xml
Inf/bssBLEzzBW/aTkfjJMxnD.xml
.xml
Inf/bssBLEzzBW/bOCTEmHbZZ.xml
.xml
Inf/bssBLEzzBW/dEXSLNOJOj.xml
.xml
Inf/bssBLEzzBW/emhygDoZoM.xml
.xml
Inf/bssBLEzzBW/fhvwZJgedn.xml
.xml
Inf/bssBLEzzBW/gkcCSfIgrF.xml
.xml
Inf/bssBLEzzBW/hZyvzUWOAc.xml
.xml
Inf/bssBLEzzBW/iBVoGappbq.xml
.xml
Inf/bssBLEzzBW/kZBqAEEwKi.xml
.xml
Inf/bssBLEzzBW/lOvTkLbQYX.xml
.xml
Inf/bssBLEzzBW/lUEhXjSVsa.xml
.xml
Inf/bssBLEzzBW/mxjRwSpyrH.xml
.xml
Inf/bssBLEzzBW/oOgmyRRLiK.xml
.xml
Inf/bssBLEzzBW/qjXDXHmXoi.xml
.xml
Inf/bssBLEzzBW/rIIZGaEMzq.xml
.xml
Inf/bssBLEzzBW/rNlYqCnsbH.xml
.xml
Inf/bssBLEzzBW/rmVgCwPoSK.xml
.xml
Inf/bssBLEzzBW/sNukRlwOKe.xml
.xml
Inf/bssBLEzzBW/swwWebsnle.xml
.xml
Inf/bssBLEzzBW/uQknksQuHk.xml
.xml
Inf/bssBLEzzBW/vUWqgATzjV.xml
.xml
Inf/bssBLEzzBW/veayBKrWJK.xml
.xml
Inf/bssBLEzzBW/wnCfTbgSuH.xml
.xml
Inf/bssBLEzzBW/wphpEBJeZS.xml
.xml
Inf/bssBLEzzBW/zOjOCWlJBu.xml
.xml
Inf/bssBLEzzBW/zaJPIoUwHB.xml
.xml
Inf/cIhviDYIiC.xml
.xml
Inf/dMOjnckDzL.xml
.xml
Inf/kqAcHHNKYf.xml
.xml
Inf/meQsVFkglK.xml
.xml
Inf/pXCZPZLsUQ/CHbAtBQLkH.xml
.xml
Inf/pXCZPZLsUQ/IevxWQyoAP.xml
.xml
Inf/pXCZPZLsUQ/MCcTIdZLgw.xml
.xml
Inf/pXCZPZLsUQ/NLUQePfsqs.xml
.xml
Inf/pXCZPZLsUQ/OkACQiAtec.xml
.xml
Inf/pXCZPZLsUQ/PFjkExCyHU.xml
.xml
Inf/pXCZPZLsUQ/ZZSOzIQNuU.xml
.xml
Inf/pXCZPZLsUQ/cFpfzuMqTk.xml
.xml
Inf/pXCZPZLsUQ/usUeadhvAm.xml
.xml
Inf/pXCZPZLsUQ/xGvjuZoNFu.xml
.xml
Inf/rAbiWpfcTj/AJjzmIxhUZ.xml
.xml
Inf/rAbiWpfcTj/BZfKyrlTKA.xml
.xml
Inf/rAbiWpfcTj/CqrNalJPOB.xml
.xml
Inf/rAbiWpfcTj/EsffZihJZZ.xml
.xml
Inf/rAbiWpfcTj/FNYINZltSF.xml
.xml
Inf/rAbiWpfcTj/GQrtJDXnJS.xml
.xml
Inf/rAbiWpfcTj/GmXxKFnuFo.xml
.xml
Inf/rAbiWpfcTj/HnApQOMAzI.xml
.xml
Inf/rAbiWpfcTj/IcgBYEEWjN.xml
.xml
Inf/rAbiWpfcTj/IhYXpRjEXW.xml
.xml
Inf/rAbiWpfcTj/JEdDKeywAp.xml
.xml
Inf/rAbiWpfcTj/KJSZjXdydj.xml
.xml
Inf/rAbiWpfcTj/KdVKCKdeIL.xml
.xml
Inf/rAbiWpfcTj/NnSsWsJPHv.xml
.xml
Inf/rAbiWpfcTj/OCuIMXiNDu.xml
.xml
Inf/rAbiWpfcTj/OJVUTxmWim.xml
.xml
Inf/rAbiWpfcTj/PGAeCaIDts.xml
.xml
Inf/rAbiWpfcTj/RFNqRsAoML.xml
.xml
Inf/rAbiWpfcTj/SdJNsAbiLE.xml
.xml
Inf/rAbiWpfcTj/SfpBrYJrwv.xml
.xml
Inf/rAbiWpfcTj/SyqMpCWkLG.xml
.xml
Inf/rAbiWpfcTj/UsASlThKug.xml
.xml
Inf/rAbiWpfcTj/VIVPYqCtWC.xml
.xml
Inf/rAbiWpfcTj/XTuIKFknRG.xml
.xml
Inf/rAbiWpfcTj/ZhRrmbQjyz.xml
.xml
Inf/rAbiWpfcTj/cOoumNHvlb.xml
.xml
Inf/rAbiWpfcTj/cVhHxZFsYR.xml
.xml
Inf/rAbiWpfcTj/ctDgqpXWnA.xml
.xml
Inf/rAbiWpfcTj/fHIuRAcWrI.xml
.xml
Inf/rAbiWpfcTj/ffJlfkBtqW.xml
.xml
Inf/rAbiWpfcTj/fyTwFVWuvY.xml
.xml
Inf/rAbiWpfcTj/gJdnVAHIkB.xml
.xml
Inf/rAbiWpfcTj/gzUTDBmYdN.xml
.xml
Inf/rAbiWpfcTj/jdytoxTepW.xml
.xml
Inf/rAbiWpfcTj/kLeCFnSqMp.xml
.xml
Inf/rAbiWpfcTj/mUtWQVUjBM.xml
.xml
Inf/rAbiWpfcTj/mlkcyVcHsN.xml
.xml
Inf/rAbiWpfcTj/moZyPLWaYk.xml
.xml
Inf/rAbiWpfcTj/mquHaapswr.xml
.xml
Inf/rAbiWpfcTj/ojNpkFFfBk.xml
.xml
Inf/rAbiWpfcTj/owVbDYfrMm.xml
.xml
Inf/rAbiWpfcTj/qChOAMdkPB.xml
.xml
Inf/rAbiWpfcTj/rjXexwYxaR.xml
.xml
Inf/rAbiWpfcTj/slryeVaMss.xml
.xml
Inf/rAbiWpfcTj/uVWSlIkzhF.xml
.xml
Inf/rAbiWpfcTj/wOaILCcPam.xml
.xml
Inf/rAbiWpfcTj/xLfANKTPMY.xml
.xml
Inf/rAbiWpfcTj/zRNjCdcYbu.xml
.xml
Inf/rAbiWpfcTj/zvJZZdZhkm.xml
.xml
Inf/uYESqDokgU/BMeZgogNNw.xml
.xml
Inf/uYESqDokgU/CxZLYiHshL.xml
.xml
Inf/uYESqDokgU/EBBjHNpjWx.xml
.xml
Inf/uYESqDokgU/LPflHZsnEL.xml
.xml
Inf/uYESqDokgU/LqQXBnVGsK.xml
.xml
Inf/uYESqDokgU/NaoqiUZuKE.xml
.xml
Inf/uYESqDokgU/OeMgMFdTad.xml
.xml
Inf/uYESqDokgU/TprypMCRph.xml
.xml
Inf/uYESqDokgU/UtzTQRMopq.xml
.xml
Inf/uYESqDokgU/VDoxwapMGM.xml
.xml
Inf/uYESqDokgU/fRqNoPgyNj.xml
.xml
Inf/uYESqDokgU/fsgGqpIVkZ.xml
.xml
Inf/uYESqDokgU/hGRmLgTMTh.xml
.xml
Inf/uYESqDokgU/iJzfppRslF.xml
.xml
Inf/uYESqDokgU/iRmvXAhUvy.xml
.xml
Inf/uYESqDokgU/iTlRxAvRpV.xml
.xml
Inf/uYESqDokgU/igzxgFHPfA.xml
.xml
Inf/uYESqDokgU/lUQOzzDYET.xml
.xml
Inf/uYESqDokgU/liiivuJvmE.xml
.xml
Inf/uYESqDokgU/pJRVEdsRQe.xml
.xml
Inf/uYESqDokgU/pqQqoLrGVc.xml
.xml
Inf/uYESqDokgU/ptqhgeGOJS.xml
.xml
Inf/uYESqDokgU/ruOjOpKiKe.xml
.xml
Inf/uYESqDokgU/sJFqqQmQAF.xml
.xml
Inf/uYESqDokgU/sQmvLREaiR.xml
.xml
Inf/uYESqDokgU/ukXxGPdtWk.xml
.xml
Inf/uYESqDokgU/wviGKEwFaQ.xml
.xml
Inf/uYESqDokgU/xRgZXikcsQ.xml
.xml
Inf/uYESqDokgU/xgthuogXyF.xml
.xml
Inf/wvloMvjkLQ.xml
.xml
Inf/zwOMDRjLyT.xml
.xml
JeakV1.exe
.exe windows:4 windows x86 arch:x86

Password: 2727

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 634KB - Virtual size: 634KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
JeakV2.exe
.exe windows:4 windows x86 arch:x86

Password: 2727

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 571KB - Virtual size: 570KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cacert.pem
icudtl.dat
interface.json

Sharing

General

Malware Config

Signatures

Files

Password: 2727

Password: 2727

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 634KB - Virtual size: 634KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Password: 2727

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 571KB - Virtual size: 570KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 634KB - Virtual size: 634KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 571KB - Virtual size: 570KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B