agenttesla | 975ec4a6250960b45606ce9c155560c3283a3df4ffab69ec81f8cabdbc714b0e

Sharing

Copy URL

Twitter E-mail

General

Target

975ec4a6250960b45606ce9c155560c3283a3df4ffab69ec81f8cabdbc714b0e
Size

7.0MB
MD5

5d38df343650fc8ffb48fd7b2d9ab480
SHA1

6dc3380f3952d06e446a10819a17196366221f1c
SHA256

975ec4a6250960b45606ce9c155560c3283a3df4ffab69ec81f8cabdbc714b0e
SHA512

202f2e6920d09c946408ac19922797a8cebda81417d82b5085a2d5be17b857d215d8ab29bbee4619c18657242f75059796cc4f59c07f07fd145ea722867a8acf
SSDEEP

196608:MSm1UwXO5KKD++70lt0qpFalPd1ULrE+B8hBEAYJJn6UOmp:y1U5KKD+jjRpFMArE+ByErJJn6UO6

Score

10^/10

epoch2 agenttesla emotet

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
s1.20mb.nl
Port:
587
Username:
[email protected]
Password:
Regina8712
Email To:
[email protected]

Extracted

Family

emotet

5.189.160.61:443

94.177.178.26:8080

202.29.239.162:443

54.38.143.246:7080

119.59.125.140:8080

185.148.168.15:8080

188.166.229.148:443

2.58.16.87:8080

104.131.62.48:8080

103.82.248.59:7080

37.59.209.141:8080

103.133.214.242:8080

195.77.239.39:8080

128.199.192.135:8080

78.47.204.80:443

59.148.253.194:443

87.106.97.83:7080

45.71.195.104:8080

85.214.67.203:8080

139.196.72.155:8080

Extracted

Family

emotet

Botnet

Epoch2

69.38.130.14:80

195.159.28.230:8080

162.241.204.233:8080

181.165.68.127:80

49.205.182.134:80

190.251.200.206:80

139.59.60.244:8080

119.59.116.21:8080

89.216.122.92:80

185.94.252.104:443

70.92.118.112:80

78.24.219.147:8080

173.70.61.180:80

87.106.139.101:8080

66.57.108.14:443

24.179.13.119:80

121.124.124.40:7080

61.19.246.238:443

200.116.145.225:443

93.146.48.84:80

rsa_pubkey.plain

Signatures

AgentTesla payload 1 IoCs

resource	yara_rule
static1/unpack005/bea9fc669319cd16df759974397e79c05e7565e75ca7c052af346e08b5f1d13a.exe	family_agenttesla

Agenttesla family
agenttesla
Emotet family
emotet

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack002/0864575d4f487e52a1479c61c2c4ad16742d92e16d0c10f5ed2b40506bbc6ca0.dll
unpack003/933511776c5c34172b315807d11ecdd0c802f94492cace5c7127d1ddf47b2c82
unpack004/62bc8624b6ed645ddbe1420ca67376863c88e58e347fc8282001a2b9e3330918
unpack005/bea9fc669319cd16df759974397e79c05e7565e75ca7c052af346e08b5f1d13a.exe
unpack006/emotet_exe_e5_53d5a86b1cb032154775e725ed728ba4bd819d40f3a541744661fcbd4d702319_2022-04-19__000144._exe
unpack007/3ec811757abece5eeb8d73fce8770390b5714b16e075c2558de050205cd8c8e9.exe
unpack008/57800373ef6281de3f09ea995703c2307c548717622244573a76e843a9c7b115
unpack009/61a47ebee921db8a16a8f070edcb86b5efd47a8d185bf4691b57e76f697981f9.bin

Files

975ec4a6250960b45606ce9c155560c3283a3df4ffab69ec81f8cabdbc714b0e
.zip
0864575d4f487e52a1479c61c2c4ad16742d92e16d0c10f5ed2b40506bbc6ca0.zip
.zip

Password: infected
0864575d4f487e52a1479c61c2c4ad16742d92e16d0c10f5ed2b40506bbc6ca0.dll
.dll windows:5 windows x86 arch:x86

cd8ebea09892dc08987d62be19403754

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

GetUpdateRect
IsWindowEnabled
GetKeyboardLayoutNameW
ShowOwnedPopups
InvertRect

setupapi

SetupVerifyInfFileW
SetupDiGetClassDevsW

gdi32

GetPath
GetEnhMetaFilePaletteEntries

advapi32

SetEntriesInAclW
GetSidIdentifierAuthority
RegCloseKey

shlwapi

PathCompactPathW

kernel32

SizeofResource
GetProfileStringA
CommConfigDialogW
CreateMutexW
GetGeoInfoW
GetModuleFileNameA
DebugActiveProcess
GetStringTypeExW
GetNumaHighestNodeNumber
WriteProfileStringA

rpcrt4

RpcStringBindingComposeW

winspool.drv

GetPrinterDriverW

ole32

CoRegisterClassObject
OleQueryLinkFromData
STGMEDIUM_UserFree

winscard

SCardIntroduceCardTypeW

version

VerQueryValueW

wintrust

CryptCATAdminRemoveCatalog
WintrustGetDefaultForUsage

winmm

mixerGetLineInfoW

msvcrt

memset

Exports

Exports

RoonlpvfdRoomvlof

Sections

.text
Size: 25KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.crt
Size: 65KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
220112-dmhzqsbabn_pw_infected.zip
.zip

Password: infected
933511776c5c34172b315807d11ecdd0c802f94492cace5c7127d1ddf47b2c82
.dll regsvr32 windows:5 windows x86 arch:x86

d986dd84d593c1266f1531c47644f308

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetACP
IsValidCodePage
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetFileType
LCMapStringA
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
SetHandleCount
GetStdHandle
HeapDestroy
HeapCreate
HeapSize
VirtualQuery
HeapReAlloc
GetSystemInfo
ExitProcess
Sleep
GetCommandLineA
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
RtlUnwind
GetTickCount
GetModuleHandleW
GetFileSizeEx
SystemTimeToFileTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetOEMCP
GetCPInfo
CreateFileA
GetShortPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
lstrcmpiA
GetThreadLocale
GetStringTypeExA
DeleteFileA
MoveFileA
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
InterlockedDecrement
GetCurrentDirectoryA
FormatMessageA
LocalFree
MulDiv
GetDiskFreeSpaceA
GetFullPathNameA
GetTempFileNameA
GetFileTime
SetFileTime
GetFileAttributesA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
lstrlenA
GlobalGetAtomNameA
GlobalFindAtomA
MultiByteToWideChar
lstrcmpW
GetVersionExA
GlobalUnlock
GlobalFree
FreeResource
GetCurrentProcessId
GetLastError
GlobalAddAtomA
CloseHandle
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
WideCharToMultiByte
CompareStringA
FindResourceA
LoadResource
LockResource
SizeofResource
InterlockedExchange
GlobalLock
lstrcmpA
GlobalAlloc
GetModuleHandleA
GetNativeSystemInfo
HeapAlloc
GetProcessHeap
HeapFree
FreeLibrary
GetProcAddress
LoadLibraryA
IsBadReadPtr
VirtualProtect
SetLastError
VirtualAlloc
VirtualFree
SetStdHandle

user32

SetWindowRgn
DrawIcon
MessageBeep
GetNextDlgGroupItem
SetCapture
InvalidateRgn
IsRectEmpty
CopyAcceleratorTableA
CharNextA
GetMenuItemInfoA
InflateRect
CharUpperA
DestroyIcon
GetSysColorBrush
DeleteMenu
IsZoomed
LoadCursorA
DestroyCursor
EndPaint
BeginPaint
GetWindowDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
GetMenuStringA
AppendMenuA
InsertMenuA
RemoveMenu
SetRect
UnpackDDElParam
ReuseDDElParam
LoadMenuA
DestroyMenu
ReleaseCapture
LoadAcceleratorsA
InsertMenuItemA
CreatePopupMenu
SetRectEmpty
BringWindowToTop
TranslateAcceleratorA
SetWindowContextHelpId
MapDialogRect
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
RegisterWindowMessageA
LoadIconA
CreateMenu
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
GetClientRect
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
PtInRect
GetDlgCtrlID
UpdateWindow
EnableWindow
WindowFromDC
GetWindowRect
InvalidateRect
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetWindow
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
PostThreadMessageA
GetTabbedTextExtentA
WindowFromPoint
RegisterClipboardFormatA
SendDlgItemMessageA
SetTimer
KillTimer
PostQuitMessage
PostMessageA
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuA
SendMessageA
GetParent
GetFocus
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
GetCursorPos
PeekMessageA
GetKeyState
IsWindowVisible
GetActiveWindow
DispatchMessageA
TranslateMessage
GetMessageA
CallNextHookEx
SetWindowsHookExA
SetCursor
ShowOwnedPopups
MessageBoxA
IsWindowEnabled
GetLastActivePopup
GetWindowLongA
GetWindowThreadProcessId
EndDialog
GetNextDlgTabItem
GetDlgItem
IsWindow
DestroyWindow
ReleaseDC

gdi32

GetWindowExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ExtSelectClipRgn
CreatePatternBrush
GetStockObject
GetViewportExtEx
GetViewportOrgEx
PatBlt
CreateRectRgnIndirect
GetTextMetricsA
GetTextExtentPoint32A
GetCharWidthA
CreateFontA
StretchDIBits
CreateFontIndirectA
GetTextColor
GetRgnBox
GetMapMode
CreateEllipticRgn
LPtoDP
GetNearestColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextAlign
GetTextFaceA
GetTextExtentPointA
GetWindowOrgEx
DeleteObject
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
CreatePen
SetMapMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreateDCA
DeleteDC
EndDoc
AbortDoc
SetAbortProc
EndPage
StartPage
StartDocA
DPtoLP
GetDeviceCaps
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
PolyBezier
SetPixelV
GetPixel
BitBlt
RoundRect
Rectangle
Polygon
Ellipse
Polyline
Arc
GetBkColor
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush
ExcludeClipRect

comdlg32

GetFileTitleA

winspool.drv

GetJobA
DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegSetValueA
GetFileSecurityA
SetFileSecurityA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyA

shell32

DragFinish
ExtractIconA
SHGetFileInfoA
DragQueryFileA

shlwapi

PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathRemoveFileSpecW

oledlg

ord8

ole32

CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
IsAccelerator
OleTranslateAccelerator
CoInitializeEx
CoCreateInstance
CoUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
OleInitialize

oleaut32

VariantClear
VariantChangeType
VariantInit
SysAllocStringLen
SysFreeString
SysStringLen
SysAllocStringByteLen
OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocString
VariantCopy

Exports

Exports

DllRegisterServer

Sections

.text
Size: 391KB - Virtual size: 390KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 151KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
220113-lamfdshaa9_pw_infected.zip
.zip

Password: infected
62bc8624b6ed645ddbe1420ca67376863c88e58e347fc8282001a2b9e3330918
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 572KB - Virtual size: 571KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
220116-bncs1afbc6_pw_infected.zip
.zip

Password: infected
bea9fc669319cd16df759974397e79c05e7565e75ca7c052af346e08b5f1d13a.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 214KB - Virtual size: 213KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
220419-abax7sdffq_pw_infected.zip
.zip

Password: infected
emotet_exe_e5_53d5a86b1cb032154775e725ed728ba4bd819d40f3a541744661fcbd4d702319_2022-04-19__000144._exe
.dll regsvr32 windows:4 windows x86 arch:x86

0e8a17377c9b4601e7a0971e33ed66d1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
GetCommandLineA
ExitThread
CreateThread
HeapReAlloc
TerminateProcess
HeapSize
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
HeapFree
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetStdHandle
GetLocaleInfoW
HeapAlloc
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetCurrentDirectoryA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetOEMCP
GetCPInfo
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
GlobalFlags
InterlockedDecrement
RaiseException
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
lstrcmpA
GetModuleFileNameA
FreeResource
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
GetModuleHandleA
GlobalGetAtomNameA
GlobalAddAtomA
SetLastError
GlobalFree
FindResourceA
LoadResource
LockResource
SizeofResource
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
SuspendThread
GetCurrentThreadId
ResumeThread
CloseHandle
CreateEventA
ResetEvent
ExitProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
SetEvent
GetStringTypeExA
FreeLibrary
lstrcpynA
LoadLibraryA
GetProcAddress
GetTickCount
lstrlenA
lstrcmpiA
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetEnvironmentStrings
InterlockedExchange

user32

GetMessageTime
GetMessagePos
MapWindowPoints
MessageBoxA
TrackPopupMenu
SetForegroundWindow
GetClientRect
AdjustWindowRectEx
ScreenToClient
DeferWindowPos
RegisterClassA
UnregisterClassA
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetSystemMetrics
PtInRect
GetWindowTextLengthA
GetWindowTextA
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemInt
SendDlgItemMessageA
GetDlgItemInt
CheckDlgButton
RegisterWindowMessageA
LoadMenuA
DestroyMenu
GetClassNameA
GetSysColor
SetWindowPos
WinHelpA
SetFocus
EqualRect
GetDlgItem
SetWindowLongA
GetDlgCtrlID
GetMenu
UnpackDDElParam
BeginPaint
LoadIconA
GetClassInfoA
SetCursor
GetCapture
ReleaseCapture
LoadAcceleratorsA
InvalidateRect
UpdateWindow
IsIconic
InsertMenuItemA
CreatePopupMenu
IntersectRect
OffsetRect
SetRectEmpty
CopyRect
GetLastActivePopup
BringWindowToTop
SetMenu
ShowWindow
GetWindowLongA
GetDesktopWindow
GetWindow
IsWindowEnabled
TranslateAcceleratorA
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
SetWindowsHookExA
CallNextHookEx
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
LoadCursorA
GetSysColorBrush
ShowOwnedPopups
PostQuitMessage
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
IsZoomed
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetFocus
GetParent
ModifyMenuA
GetMenuState
EnableMenuItem
SetCapture
LockWindowUpdate
GetDCEx
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
IsWindow
EnableWindow
PostMessageA
wsprintfA
SendMessageA
CharUpperA
GetMenuItemInfoA
InflateRect
SetActiveWindow
EndPaint
WindowFromPoint
KillTimer
SetTimer
ClientToScreen
SetRect
SetParent
GetSystemMenu
DeleteMenu
IsRectEmpty
GetDC
ReleaseDC
CreateWindowExA
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
IsChild
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
ReuseDDElParam
UnhookWindowsHookEx

gdi32

IntersectClipRect
SelectClipRgn
CreateRectRgn
BitBlt
GetPixel
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ExcludeClipRect
CreatePatternBrush
GetStockObject
CreateSolidBrush
CreateFontIndirectA
CreateRectRgnIndirect
PatBlt
SetRectRgn
CombineRgn
SetMapMode
SetBkMode
RestoreDC
SaveDC
GetTextExtentPoint32A
GetTextMetricsA
GetBkColor
CreateFontA
GetCharWidthA
DeleteObject
SelectObject
StretchDIBits
DeleteDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateCompatibleDC
CreateCompatibleBitmap
ScaleWindowExtEx
CreateBitmap
GetDeviceCaps

comdlg32

CommDlgExtendedError
PrintDlgA
GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegCloseKey

shell32

DragQueryFileA
DragFinish

comctl32

ImageList_Draw
ImageList_GetImageInfo
ord17
ImageList_Destroy

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

ws2_32

WSAStartup
inet_ntoa
ntohl
WSACleanup
gethostname
gethostbyaddr
gethostbyname
inet_addr

snmpapi

SnmpUtilOidFree
SnmpUtilOidCpy
SnmpUtilMemAlloc
SnmpUtilMemFree

oleaut32

VariantClear
VariantInit
SysAllocStringLen
VariantChangeType

Exports

Exports

DllRegisterServer
DllUnregisterServerrst

Sections

.text
Size: 212KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
3ec811757abece5eeb8d73fce8770390b5714b16e075c2558de050205cd8c8e9.zip
.zip

Password: infected
3ec811757abece5eeb8d73fce8770390b5714b16e075c2558de050205cd8c8e9.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 498KB - Virtual size: 497KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
44706c08266d280e6676bc6ebf3c13b20ebd16de2c5cf15d8be020d0d0d74fbe.rar
.rar
57800373ef6281de3f09ea995703c2307c548717622244573a76e843a9c7b115.zip
.zip

Password: infected
57800373ef6281de3f09ea995703c2307c548717622244573a76e843a9c7b115
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 123KB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
61a47ebee921db8a16a8f070edcb86b5efd47a8d185bf4691b57e76f697981f9.bin.zip
.zip

Password: infected
61a47ebee921db8a16a8f070edcb86b5efd47a8d185bf4691b57e76f697981f9.bin
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

Control_RunDLL

Sections

.text
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 87B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Caff54e1.bin.zip
.zip
QUOTATION REQUEST-77464563548764577.bin.zip
.zip
SecuriteInfo.com.W32.MSIL_Kryptik.GIP.genEldorado.24848.27027.zip
.zip
_____WGA45-J20.exe.zip
.zip
a.js.zip
.zip
dbS6VfB.bin.zip
.zip
maxhkjfd768.bin.zip
.zip
qakbot,vir.zip
.zip
wi8cp0.bin.zip
.zip

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Signatures

Files

Password: infected

cd8ebea09892dc08987d62be19403754

Headers

DLL Characteristics

File Characteristics

Imports

user32

setupapi

gdi32

advapi32

shlwapi

kernel32

rpcrt4

winspool.drv

ole32

winscard

version

wintrust

winmm

msvcrt

Exports

Exports

Sections

.text Size: 25KB - Virtual size: 26KB

.rdata Size: 129KB - Virtual size: 128KB

.crt Size: 65KB - Virtual size: 72KB

.rsrc Size: 1024B - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

Password: infected

d986dd84d593c1266f1531c47644f308

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

oledlg

ole32

oleaut32

Exports

Exports

Sections

.text Size: 391KB - Virtual size: 390KB

.rdata Size: 111KB - Virtual size: 111KB

.data Size: 151KB - Virtual size: 165KB

.rsrc Size: 32KB - Virtual size: 31KB

.reloc Size: 49KB - Virtual size: 48KB

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 572KB - Virtual size: 571KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 214KB - Virtual size: 213KB

.text
Size: 25KB - Virtual size: 26KB

.rdata
Size: 129KB - Virtual size: 128KB

.crt
Size: 65KB - Virtual size: 72KB

.rsrc
Size: 1024B - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 391KB - Virtual size: 390KB

.rdata
Size: 111KB - Virtual size: 111KB

.data
Size: 151KB - Virtual size: 165KB

.rsrc
Size: 32KB - Virtual size: 31KB

.reloc
Size: 49KB - Virtual size: 48KB

.text
Size: 572KB - Virtual size: 571KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 214KB - Virtual size: 213KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 212KB - Virtual size: 208KB

.rdata
Size: 56KB - Virtual size: 52KB

.data
Size: 12KB - Virtual size: 23KB

.rsrc
Size: 156KB - Virtual size: 155KB

.reloc
Size: 32KB - Virtual size: 31KB

.text
Size: 498KB - Virtual size: 497KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 123KB - Virtual size: 3.3MB

.rdata
Size: 512B - Virtual size: 3.4MB

.data
Size: 1024B - Virtual size: 3.4MB

.reloc
Size: 1024B - Virtual size: 3.4MB

.text
Size: 121KB - Virtual size: 120KB

.rdata
Size: 512B - Virtual size: 87B

.data
Size: 1024B - Virtual size: 3KB

.reloc
Size: 1024B - Virtual size: 560B