brv[.]hta | Triage

Resubmissions

03/09/2024, 15:34

240903-sz9esa1glh 3

Sharing

Copy URL Twitter E-mail

General

Target

brv.hta
Size

336KB
MD5

1d11d54c022cde324a8a83295bab011c
SHA1

32e965d7933c531f618d98780c6d0f21783488d1
SHA256

8b962243c266f74168cd52bd8f58ee1721fead0874963aaa255d238c7c3b4abe
SHA512

d1277c846946a3bc18ee5eec63ed12e31ab3763f1c172f5660be8843c46e587a2c46fb12ae46661908e4cee63295dabf8798dfc97b61f7aac4f05cc01960743c
SSDEEP

6144:0VYIbMos9I7CVYIbMos9I7O4lJaKqcZMVYIbMos9I7sVYIbMos9I7:0VYIoos9I7CVYIoos9I7O4lJaKqcZMVG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
brv.hta

Files

brv.hta
.exe windows:10 windows x86 arch:x86

f80bc97436232f135d9706a88c8c960e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

nslookup.pdb

Imports

msvcrt

exit
perror
fclose
fflush
sscanf_s
sprintf_s
putchar
gmtime
strcat_s
__set_app_type
system
strchr
strcpy_s
putc
__setusermatherr
__getmainargs
_vsnprintf
fputc
_exit
_cexit
_amsg_exit
__p__commode
fopen
strncpy_s
_strnicmp
fgets
strncmp
isspace
__p__fmode
memcpy
malloc
fread
_XcptFilter
free
printf
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_initterm
fputs
fwrite
fprintf
getc
_write
realloc
ferror
getenv
__iob_func
memset

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapSetInformation
GetProcessHeap
HeapFree

ws2_32

getprotobynumber
getservbyport
WSAGetLastError
ntohs
select
htonl
gethostname
getaddrinfo
WSAStartup
inet_ntoa
freeaddrinfo
send
closesocket
socket
connect
recv
htons

crypt32

CryptBinaryToStringA

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError

dnsapi

DnsQueryConfigAllocEx
DnsFreeConfigStructure

api-ms-win-core-localization-l1-2-0

SetThreadUILanguage
FormatMessageA

api-ms-win-core-registry-l1-1-0

RegCloseKey

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsA

mswsock

s_perror

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetCurrentProcessId

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

ntdll

NtQueryValueKey
RtlInitString
RtlUnicodeStringToAnsiString
RtlFreeUnicodeString
NtOpenKey
RtlAllocateHeap
RtlAnsiStringToUnicodeString
RtlIpv6StringToAddressExA
RtlIpv4StringToAddressA
RtlIpv6AddressToStringA
RtlFreeHeap

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

f80bc97436232f135d9706a88c8c960e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-heap-l1-1-0

ws2_32

crypt32

api-ms-win-core-errorhandling-l1-1-0

dnsapi

api-ms-win-core-localization-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

mswsock

api-ms-win-core-heap-l2-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

ntdll

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-apiquery-l1-1-0

Sections

.text Size: 47KB - Virtual size: 46KB

.data Size: 14KB - Virtual size: 18KB

.idata Size: 3KB - Virtual size: 3KB

.didat Size: 512B - Virtual size: 8B

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 47KB - Virtual size: 46KB

.data
Size: 14KB - Virtual size: 18KB

.idata
Size: 3KB - Virtual size: 3KB

.didat
Size: 512B - Virtual size: 8B

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 3KB - Virtual size: 3KB