Errors

Reason
office: invalid password

General

  • Target

    JaffaCakes118_4abc4e174beea2d801bab1f52a202a1adcdc372443e25a2f1875b90f112ff56d

  • Size

    221.1MB

  • MD5

    0c1df79aedd19bad104f962cfa9495a2

  • SHA1

    62f9b3c0e8d3f29663c2bafde2602d7cda044fcc

  • SHA256

    4abc4e174beea2d801bab1f52a202a1adcdc372443e25a2f1875b90f112ff56d

  • SHA512

    b1f89e94914584186da5f6cd2755b35c134402f66f1c0d6dea22feafe84fe5b96f6e46460edce3c1c5a8ce0d0f766f6921b8c196e97172fcdbeeb0057b6f36db

  • SSDEEP

    3145728:rdm8ZSmWUMbGIngwOqslykYmO6PCtzCtFRU/mvL91UppmkSKmfLeUuO5jPOL0aj0:fSmhMbGqylyzs/imvL91UYLfLd1PHp

Malware Config

Extracted

Family

cobaltstrike

Botnet

305419896

C2

http://47.91.237.42:8443/__utm.gif

Attributes
  • access_type

    512

  • beacon_type

    2048

  • host

    47.91.237.42,/__utm.gif

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • polling_time

    60000

  • port_number

    8443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS7zRQv7EhhTkbgDrCNBsNay7lzQFmcC/GWwjOq93nKwPSszjIKgtW8nwhtoRhr6MFZx4DSYFdeuJDrtJNcTZz2C/LgZzhSQJmhiEqCkVqPPCfK1C6S4PzDrzy9L794rPLOuoewlGAXgiH5/Ae2aC5k2wedRNfes3DJZDDCaJJYwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0)

  • watermark

    305419896
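Decoding the three opaque Cobalt Strike fields above, as an added example (editor-supplied Python, not the sandbox's extractor and not part of the original report). http_header1 and http_header2 are the beacon's malleable-C2 transform blocks for the http-get and http-post client sides; the field the report labels state_machine is in fact the beacon's DER-encoded RSA SubjectPublicKeyInfo, zero-padded, which the beacon uses to encrypt its session key; and the Botnet value is simply the watermark repeated. The opcode table is the one used by public beacon-config parsers such as 1768.py and is an assumption of this example; the base64 inputs are copied from the report, with the runs of trailing zero padding shortened.

```python
import base64

# Malleable-C2 transform opcodes (assumed from public parsers such as 1768.py).
TRANSFORM_OPS = {
    1: "append", 2: "prepend", 3: "base64", 4: "print", 5: "parameter",
    6: "header", 7: "build", 8: "netbios", 9: "const_parameter",
    10: "const_header", 11: "netbiosu", 12: "uri_append", 13: "base64url",
    14: "strrep", 15: "mask", 16: "const_host_header",
}
STRING_ARGS = {1: 1, 2: 1, 5: 1, 6: 1, 9: 1, 10: 1, 14: 2, 16: 1}  # length-prefixed strings per op
BUILD_TARGET = {0: "metadata", 1: "output"}  # 'build' argument; 0 is the 'id' block in http-post


def _u32(buf, pos):
    return int.from_bytes(buf[pos:pos + 4], "big")


def _b64(s):
    # Report blobs are zero-padded to a fixed size; drop any partial trailing
    # group so a miscounted run of 'A's cannot make b64decode raise.
    s = s.strip().rstrip("=")
    return base64.b64decode(s[: len(s) - len(s) % 4])


def decode_transform(b64):
    """Decode one http_header blob into (op, args...) tuples.

    Layout: big-endian u32 opcode; 'build' carries a u32 argument, string ops
    carry u32 length + bytes, the rest carry nothing; opcode 0 terminates.
    """
    raw, steps, pos = _b64(b64), [], 0
    while pos + 4 <= len(raw):
        op, pos = _u32(raw, pos), pos + 4
        if op == 0:
            break
        name = TRANSFORM_OPS.get(op, f"unknown_{op}")
        if op == 7:
            arg, pos = _u32(raw, pos), pos + 4
            steps.append((name, BUILD_TARGET.get(arg, arg)))
        elif op in STRING_ARGS:
            args = []
            for _ in range(STRING_ARGS[op]):
                ln, pos = _u32(raw, pos), pos + 4
                args.append(raw[pos:pos + ln].decode("latin-1"))
                pos += ln
            steps.append((name, *args))
        else:
            steps.append((name,))
    return steps


def _der(buf, pos):
    """Read one DER TLV at pos -> (tag, value, next_pos); short and long lengths."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + ln], pos + ln


RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption


def parse_beacon_pubkey(b64):
    """Parse the zero-padded SubjectPublicKeyInfo -> (modulus, public exponent)."""
    tag, spki, _ = _der(_b64(b64), 0)      # outer SEQUENCE; trailing zero padding is ignored
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, alg, pos = _der(spki, 0)            # AlgorithmIdentifier { OID, NULL }
    _, oid, _ = _der(alg, 0)
    if oid != RSA_OID:
        raise ValueError("not an RSA key")
    _, bits, _ = _der(spki, pos)           # BIT STRING; first byte is the unused-bit count
    _, rsa, _ = _der(bits[1:], 0)          # RSAPublicKey { INTEGER n, INTEGER e }
    _, n, pos = _der(rsa, 0)
    _, e, _ = _der(rsa, pos)
    return int.from_bytes(n, "big"), int.from_bytes(e, "big")


# Values copied from the report above (zero padding shortened).
HTTP_HEADER1 = "AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAA"
HTTP_HEADER2 = ("AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcA"
                "AAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAA")
STATE_MACHINE = ("MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS7zRQv7EhhTkbgDrCNBsNay7lzQFmcC/GWwjOq93n"
                 "KwPSszjIKgtW8nwhtoRhr6MFZx4DSYFdeuJDrtJNcTZz2C/LgZzhSQJmhiEqCkVqPPCfK1C6S4PzDrzy"
                 "9L794rPLOuoewlGAXgiH5/Ae2aC5k2wedRNfes3DJZDDCaJJYwIDAQABAAAAAAAAAAAAAAAAAAAA")
WATERMARK = 305419896

if __name__ == "__main__":
    print("http-get  client:", decode_transform(HTTP_HEADER1))
    print("http-post client:", decode_transform(HTTP_HEADER2))
    n, e = parse_beacon_pubkey(STATE_MACHINE)
    print(f"team-server RSA key: {n.bit_length()}-bit, e={e}, n[:8]={n >> (n.bit_length() - 32):#x}")
    print(f"watermark: {WATERMARK} = {WATERMARK:#x}")
```

Decoded, http_header1 is `metadata { base64; header "Cookie"; }` and http_header2 is `header "Content-Type: application/octet-stream"; id { parameter "id"; } output { print; }`, which together with the `/__utm.gif` and `/submit.php` URIs and the MSIE 7.0 user agent is the stock default profile with no custom malleable-C2 applied. The key is 1024-bit RSA with e = 65537, and the watermark is 0x12345678, a contrived value widely seen in cracked and trial kits; treat it as a weak attribution signal. The usable indicators are the C2 endpoint 47.91.237.42:8443 (60 s sleep per polling_time) and the public key, which is generated per team server and can be fingerprinted across beacons and hosts.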

Extracted

Family

zloader

Botnet

main

Campaign

26.02.2020

C2

https://airnaa.org/sound.php

https://banog.org/sound.php

https://rayonch.org/sound.php

Attributes
  • build_id

    19

rc4.plain

Extracted

Family

revengerat

Botnet

XDSDDD

C2

84.91.119.105:333

Mutex

RV_MUTEX-wtZlNApdygPh

Extracted

Family

revengerat

Botnet

Victime

C2

cocohack.dtdns.net:84

Mutex

RV_MUTEX-OKuSAtYBxGgZHx

Extracted

Family

zloader

Botnet

25/03

C2

https://wgyvjbse.pw/milagrecf.php

https://botiq.xyz/milagrecf.php

Attributes
  • build_id

    103

rc4.plain

Extracted

Family

revengerat

Botnet

samay

C2

shnf-47787.portmap.io:47787

Mutex

RV_MUTEX

Extracted

Family

zloader

Botnet

09/04

C2

https://eoieowo.casa/wp-config.php

https://dcgljuzrb.pw/wp-config.php

Attributes
  • build_id

    140

rc4.plain

Extracted

Family

zloader

Botnet

07/04

C2

https://xyajbocpggsr.site/wp-config.php

https://ooygvpxrb.pw/wp-config.php

Attributes
  • build_id

    131

rc4.plain

Extracted

Family

revengerat

Botnet

INSERT-COIN

C2

3.tcp.ngrok.io:24041

Mutex

RV_MUTEX

Extracted

Family

revengerat

Botnet

YT

C2

yukselofficial.duckdns.org:5552

Mutex

RV_MUTEX-WlgZblRvZwfRtNH

Extracted

Family

revengerat

Botnet

system

C2

yj233.e1.luyouxia.net:20645

Mutex

RV_MUTEX-GeVqDyMpzZJHO

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

srpmx.ddns.net:5552

Mutex

c6c84eeabbf10b049aa4efdb90558a88

Attributes
  • reg_key

    c6c84eeabbf10b049aa4efdb90558a88

  • splitter

    |'|'|

Extracted

Family

xred

C2

xred.mooo.com

Attributes
  • email

    [email protected]

  • payload_url

    http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

    https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

    https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1

    http://xred.site50.net/syn/SUpdate.ini

    https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download

    https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1

    http://xred.site50.net/syn/Synaptics.rar

    https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download

    https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1

    http://xred.site50.net/syn/SSLLibrary.dll

Extracted

Family

njrat

Version

0.7d

Botnet

HACK

C2

43.229.151.64:5552

Mutex

6825da1e045502b22d4b02d4028214ab

Attributes
  • reg_key

    6825da1e045502b22d4b02d4028214ab

  • splitter

    Y262SUCZ4UJJ

Signatures

  • Cobaltstrike family
  • Detects Zeppelin payload 2 IoCs
  • ModiLoader Second Stage 2 IoCs
  • Modiloader family
  • Njrat family
  • RevengeRat Executable 6 IoCs
  • Revengerat family
  • Xred family
  • Zeppelin family
  • Zloader family
  • CryptOne packer 2 IoCs

    Detects CryptOne packer defined in NCC blogpost.

  • Office macro that triggers on suspicious action 1 IoCs

    Office document macro which triggers in special circumstances - often malicious.

  • AutoIT Executable 4 IoCs

    AutoIT scripts compiled to PE executables.

  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Unsigned PE 110 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 9 IoCs

Files

  • JaffaCakes118_4abc4e174beea2d801bab1f52a202a1adcdc372443e25a2f1875b90f112ff56d
    .zip .js polyglot
  • (1).DS_Store
  • .DS_Store
  • 08751be484e1572995ebb085df1c2c6372084d63a64dce7fab28130d79a6ea2d.exe
    .dll regsvr32 windows:6 windows x86 arch:x86

    2663449fe2b5c605fb51974e3bf7d1a5


    Headers

    Imports

    Exports

    Sections

  • 0a9f79abd48b95544d7e2b6658637d1eb23067a94e10bf06d05c9ecc73cf4b51.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • 0di3x.exe
    .exe windows:5 windows x86 arch:x86

    5556ca45183493f7eae5ee3a6643f505


    Headers

    Imports

    Sections

  • 104.248.221.3/systemerror-ie-edge/_data_image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAIAAAACACAMA/xhBQAAAAFzUkdCAK7OHOkAAAAPUExURQAAAAICAgAAAP/5WVlXiCGdAAAAADdFJOUwD8ZX+n/7gAAABvSURBVHja7dbBAUAwEABB/ykAAAAAAAAAAAAAAAAAgNcF
    .html
  • 104.248.221.3/systemerror-ie-edge/beep.mp3
  • 104.248.221.3/systemerror-ie-edge/bootstrap.min.css
  • 104.248.221.3/systemerror-ie-edge/dsffddfdfdsawqwq22121sdsd.html
    .html
  • 104.248.221.3/systemerror-ie-edge/err.mp3
  • 104.248.221.3/systemerror-ie-edge/img/Windows.png
    .png
  • 104.248.221.3/systemerror-ie-edge/img/advance_call_center.png
    .png
  • 104.248.221.3/systemerror-ie-edge/img/bg.jpg
    .jpg
  • 104.248.221.3/systemerror-ie-edge/img/blue-square.png
    .png
  • 104.248.221.3/systemerror-ie-edge/img/blur.html
    .html
  • 104.248.221.3/systemerror-ie-edge/img/call.png
    .png
  • 104.248.221.3/systemerror-ie-edge/img/connect.png
    .png
  • 104.248.221.3/systemerror-ie-edge/img/headshot-bg.html
    .html
  • 104.248.221.3/systemerror-ie-edge/img/made_in_usa.png
    .png
  • 104.248.221.3/systemerror-ie-edge/img/resolve.png
    .png
  • 104.248.221.3/systemerror-ie-edge/indexe2c9.html
    .html .js polyglot
  • 104.248.221.3/systemerror-ie-edge/js/main.js
    .js
  • 104.248.221.3/systemerror-ie-edge/main.min.css
  • 104.248.221.3/systemerror-ie-edge/sli/css/simple-line-icons.css
  • 104.248.221.3/systemerror-ie-edge/sli/fonts/Simple-Line-Iconsb26c.eot
  • 104.248.221.3/systemerror-ie-edge/sli/fonts/Simple-Line-Iconsb26c.svg
    .xml
  • 104.248.221.3/systemerror-ie-edge/sli/fonts/Simple-Line-Iconsb26c.ttf
  • 104.248.221.3/systemerror-ie-edge/sli/fonts/Simple-Line-Iconsb26c.woff
  • 104.248.221.3/systemerror-ie-edge/sli/fonts/Simple-Line-Iconsb26c.woff2
  • 104.248.221.3/systemerror-ie-edge/style.min.css
  • 11.html
    .html .js polyglot
  • 12.html
    .html .js polyglot
  • 2.png
    .png
  • 201106-9sxjh7tvxj_pw_infected.zip
    .zip

    Password: infected

  • 4a30275f14f80c6e11d5a253d7d004eda98651010e0aa47f744cf4105d1676ab
    .dll windows:4 windows x86 arch:x86

    d824547637617b741f40e6f71ae28df2


    Code Sign

    Headers

    Imports

    Sections

  • 2019-09-02_22-41-10.exe
    .exe windows:5 windows x86 arch:x86

    0b940f4d2992021389a241ab8513fc6b


    Headers

    Imports

    Sections

  • 2c01b007729230c415420ad641ad92eb.exe
    .exe windows:5 windows x86 arch:x86

    3c98c11017e670673be70ad841ea9c37


    Headers

    Imports

    Sections

  • 31.exe
    .exe windows:4 windows x86 arch:x86

    5877688b4859ffd051f6be3b8e0cd533


    Headers

    Imports

    Sections

  • 3DMark 11 Advanced Edition.exe
    .exe windows:5 windows x86 arch:x86

    fcf1390e9ce472c7270447fc5c61a0c1


    Headers

    Imports

    Sections

  • 405.zip
    .zip
  • files/alert.jpg
    .jpg
  • files/alertmicrosoft.mp3
  • files/background-2.png
    .png
  • files/microsoft.png
    .png
  • files/style.css
  • files/warning.mp3
  • index.html
    .js
  • msie1.html
    .js
  • msie2.html
    .js
  • 42f972925508a82236e8533567487761.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • 5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe
    .exe windows:5 windows x86 arch:x86


    Headers

    Sections

  • 6306868794.bin.zip
    .zip

    Password: infected

  • c2716fcc735a4f1b9fce29cb1dc20a26969b71f615e2b119e9680f015379d286
    .exe windows:5 windows x86 arch:x86

    4c419ecfe3e09e47dbaccd4dec0b47f5


    Headers

    Imports

    Sections

  • 69c56d12ed7024696936fb69b4c6bee58174a275cb53fa966646a0b092d9626b.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • 905d572f23883f5f161f920e53473989cf7dffc16643aa759f77842e54add550.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • 948340be97cc69c2cf8e5c8327ee52a89eeb50095f978696c710ad773a46b654.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • 95560f1a465e8ba87a73f8e60a6657545073d55c3b5cfc2ffdaf3d69d46afcf9.exe
    .dll regsvr32 windows:6 windows x86 arch:x86

    c4a8909c0bccc13eaa9bdf93bacea9e6


    Headers

    Imports

    Exports

    Sections

  • Archive.zip__ccacaxs2tbz2t6ob3e.exe
    .exe windows:5 windows x86 arch:x86

    ecc8b2d72205d5666936947a45fa8392


    Headers

    Imports

    Sections

  • CVE-2018-15982_PoC.swf
  • [email protected]
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • [email protected]
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • DiskInternals_Uneraser_v5_keygen.exe
    .exe windows:5 windows x86 arch:x86

    fcf1390e9ce472c7270447fc5c61a0c1


    Headers

    Imports

    Sections

  • DoppelPaymer.RANSOM.zip
    .zip

    Password: infected

  • DoppelPaymer.RANSOM
    .exe windows:5 windows x86 arch:x86

    00be6e6c4f9e287672c8301b72bdabf3


    Headers

    Imports

    Sections

  • E2-20201118_141759.zip
    .zip

    Password: infected

  • f28e02bd1e9cc701437328dc7bec07b439b5b97277a7983e9ca302fbc550e48a.exe
    .exe windows:4 windows x86 arch:x86

    48fdd0b01e6d773c16728e362c6734ff


    Headers

    Imports

    Sections

  • E42A.zip
    .zip

    Password: infected

  • E42A
    .exe windows:5 windows x86 arch:x86

    d23ceca18ddf2e96c019ec5f4c183047


    Headers

    Imports

    Sections

  • [email protected]
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • [email protected]
    .exe windows:6 windows x86 arch:x86

    008aca28b7c001acc5e0ab32fabaad84


    Headers

    Imports

    Sections

  • [email protected]
    .exe windows:5 windows x86 arch:x86

    9402b48d966c911f0785b076b349b5ef


    Headers

    Imports

    Sections

  • [email protected]
    .exe windows:4 windows x86 arch:x86

    5a2c800e40f7e30fbf38d55c7090d219


    Headers

    Imports

    Sections

  • [email protected]
    .exe windows:5 windows x86 arch:x86

    50610e34092d6ce13e51e7c9d5197081


    Headers

    Imports

    Sections

  • [email protected]
    .exe windows:5 windows x86 arch:x86

    71239d4ab8bd734745714b0037234d0b


    Headers

    Imports

    Sections

  • [email protected]
    .exe windows:5 windows x86 arch:x86

    e3bda9df66f1f9b2b9b7b068518f2af1


    Code Sign

    Headers

    Imports

    Sections

  • [email protected]
    .exe windows:10 windows x86 arch:x86


    Headers

    Sections

  • out.upx
    .exe windows:10 windows x86 arch:x86


    Headers

    Sections

  • [email protected]
    .exe windows:5 windows x86 arch:x86

    604de9c4534997ea4f32f86753fab871


    Code Sign

    Headers

    Imports

    Sections

  • [email protected]
    .exe windows:5 windows x86 arch:x86


    Headers

    Sections

  • [email protected]
    .exe windows:1 windows x86 arch:x86


    Headers

    Sections

  • [email protected]
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • [email protected]
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • [email protected]
    .exe windows:1 windows x86 arch:x86


    Headers

    Sections

  • [email protected]
    .exe windows:4 windows x86 arch:x86

    e160ef8e55bb9d162da4e266afd9eef3


    Code Sign

    Headers

    Imports

    Sections

  • [email protected]
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • [email protected]
    .exe windows:5 windows x86 arch:x86


    Headers

    Sections

  • [email protected]
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • [email protected]
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • [email protected]
    .exe windows:4 windows x86 arch:x86

    620760962d7d40d6f6f4a86a401ddcfa


    Headers

    Imports

    Sections

  • [email protected]
    .exe windows:5 windows x86 arch:x86

    a1dba9b365e1729b7b747a81530fba79


    Headers

    Imports

    Exports

    Sections

  • [email protected]
    .exe windows:5 windows x86 arch:x86

    00be6e6c4f9e287672c8301b72bdabf3


    Headers

    Imports

    Sections

  • [email protected]
    .exe windows:4 windows x86 arch:x86

    b4b5f9450a4de64424c7896eebdaf75b


    Headers

    Imports

    Sections

  • Endermanch@NavaShield(1).exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • [email protected]
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • [email protected]
    .exe windows:5 windows x86 arch:x86

    50610e34092d6ce13e51e7c9d5197081


    Headers

    Imports

    Sections

  • [email protected]
    .msi .vbs polyglot
  • [email protected]
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • [email protected]
    .exe windows:4 windows x86 arch:x86

    91b2790c505bbe69e215e722d884b1b4


    Headers

    Imports

    Sections

  • [email protected]
    .exe windows:5 windows x86 arch:x86

    9f9da03f359e04c9ef7a636c5fa7b6db


    Headers

    Imports

    Exports

    Sections

  • [email protected]
    .exe windows:1 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • [email protected]
    .exe windows:5 windows x86 arch:x86

    7b4879f52b9e13826e55497b8a5033c3


    Headers

    Imports

    Exports

    Sections

  • [email protected]
    .exe windows:4 windows x86 arch:x86

    2034ca1e64f1b7d7caa54336f36141b2


    Headers

    Imports

    Sections

  • [email protected]
    .exe windows:5 windows x86 arch:x86

    87bed5a7cba00c7e1f4015f1bdae2183


    Headers

    Imports

    Sections

  • [email protected]
    .exe windows:5 windows x86 arch:x86


    Headers

    Sections

  • [email protected]
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • [email protected]
    .exe windows:4 windows x86 arch:x86

    d6d92b735b19ebf8f5154df99a6eaf71


    Headers

    Imports

    Sections

  • [email protected]
    .exe windows:5 windows x86 arch:x86

    9f9da03f359e04c9ef7a636c5fa7b6db


    Headers

    Imports

    Exports

    Sections

  • [email protected]
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • [email protected]
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • [email protected]
    .exe windows:5 windows x86 arch:x86

    fdc840a7a99c43c34a60188ec8cc1596


    Headers

    Imports

    Sections

  • [email protected]
    .exe windows:4 windows x86 arch:x86

    33ef7b8ab8c303e1cca7e465369d918d


    Headers

    Imports

    Sections

  • [email protected]
    .exe windows:4 windows x86 arch:x86

    099c0646ea7282d232219f8807883be0


    Headers

    Imports

    Sections

  • [email protected]
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • Fake BSOD.html
    .html .js polyglot
  • Fantom.exe
    .exe windows:5 windows x86 arch:x86

    bf5a4aa99e5b160f8521cadd6bfe73b8


    Headers

    Imports

    Sections

  • ForceOp 2.8.7 - By RaiSence.exe
    .exe windows:5 windows x86 arch:x86

    fcf1390e9ce472c7270447fc5c61a0c1


    Headers

    Imports

    Sections

  • HYDRA.exe
    .exe windows:4 windows x86 arch:x86

    3abe302b6d9a1256e6a915429af4ffd2


    Headers

    Imports

    Sections

  • KLwC6vii.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • Keygen.exe
    .exe windows:4 windows x86 arch:x86

    06ac1f21ee2a357ffb0dd7db52cbbb13


    Headers

    Imports

    Sections

  • Lonelyscreen.1.2.9.keygen.by.Paradox.exe
    .exe windows:5 windows x86 arch:x86

    fcf1390e9ce472c7270447fc5c61a0c1


    Headers

    Imports

    Sections

  • LtHv0O2KZDK4M637.exe
    .exe windows:5 windows x86 arch:x86

    eb97e4fc5518ac300a92a11673825e0b


    Headers

    Imports

    Sections

  • Magic_File_v3_keygen_by_KeygenNinja.exe
    .exe windows:5 windows x86 arch:x86

    4cfda23baf1e2e983ddfeca47a5c755a


    Headers

    Imports

    Sections

  • Malware
  • NETFramework.exe
    .exe windows:5 windows x86 arch:x86

    9b2f6a441f9ff8df98ae6e9e6b5d4271


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • OnlineInstaller.exe
    .exe windows:5 windows x86 arch:x86

    5bd730b74335de2d8c76ffbc12562b9c


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • REVENGE-RAT.js.zip
    .zip
  • RRLL.bin.zip
    .zip
  • Remouse.Micro.Micro.v3.5.3.serial.maker.by.aaocg.exe
    .exe windows:5 windows x86 arch:x86

    fcf1390e9ce472c7270447fc5c61a0c1


    Headers

    Imports

    Sections

  • [email protected]
    .exe windows:4 windows x86 arch:x86

    56d6649bc6b8e7245fdedd2c3c139cbc


    Headers

    Imports

    Sections

  • SecuriteInfo.com.Generic.mg.cde56cf0169830ee.29869
    .dll windows:4 windows x86 arch:x86

    5aea93441ad3d0a618b05bc5b3bc05ff


    Code Sign

    Headers

    Imports

    Sections

  • SecurityTaskManager_Setup.exe
    .exe windows:4 windows x86 arch:x86

    60f2858f8c859062bd16000a4cb2a2ed


    Code Sign

    Headers

    Imports

    Sections

  • Treasure.Vault.3D.Screensaver.keygen.by.Paradox.exe
    .exe windows:5 windows x86 arch:x86

    fcf1390e9ce472c7270447fc5c61a0c1


    Headers

    Imports

    Sections

  • VyprVPN.exe
    .exe windows:4 windows x86 arch:x86

    4f67aeda01a0484282e8c59006b0b352


    Headers

    Imports

    Sections

  • WSHSetup[1].exe
    .exe windows:5 windows x86 arch:x86

    3c977911c8eee24abac5edc906e5e72c


    Headers

    Imports

    Sections

  • XPAntivirus2008.ico
  • Yard.dll
    .dll windows:4 windows x86 arch:x86

    a8df0c160e055b59b38d117eae613f75


    Headers

    Imports

    Exports

    Sections

  • ___ _ _____ __ ___/전산 및 비전산자료 보존 요청서.tgz
    .gz
  • ajax2.gif
    .gif
  • alert.css
  • b2bd3de3e5b0e35313263bef4b1ca49c5478d472f6d37d1070a57b1f6aa4f7bb (2).exe
    .exe windows:5 windows x86 arch:x86

    d85aae93bf5cde2e2f2e4b614a57d29e


    Headers

    Imports

    Exports

    Sections

  • b2bd3de3e5b0e35313263bef4b1ca49c5478d472f6d37d1070a57b1f6aa4f7bb (3).exe
    .dll regsvr32 windows:6 windows x86 arch:x86

    fb137f28693ffcbb13d636260b46a068


    Headers

    Imports

    Exports

    Sections

  • b2bd3de3e5b0e35313263bef4b1ca49c5478d472f6d37d1070a57b1f6aa4f7bb (4).exe
    .dll regsvr32 windows:6 windows x86 arch:x86

    b75ad724d042de3da39482ba6cc804cb


    Headers

    Imports

    Exports

    Sections

  • b2bd3de3e5b0e35313263bef4b1ca49c5478d472f6d37d1070a57b1f6aa4f7bb.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • b2bd3de3e5b0e35313263bef4b1ca49c5478d472f6d37d1070a57b1f6aa4f7bb.zip
    .zip
  • backblue(1).gif
    .gif
  • backblue.gif
    .gif
  • beep(1).mp3
  • beep.mp3
  • bootstrap.min.css
  • bootstrap.min.js
    .js
  • cd9ccf8681ed1a5380f8a27cd6dc927ab719b04baa6c6583a0c793a6dc00d5f7.exe
    .exe windows:5 windows x86 arch:x86

    eb97e4fc5518ac300a92a11673825e0b


    Headers

    Imports

    Sections

  • ch/a.mp3
  • ch/alert.css
  • ch/bootstrap.css
  • ch/index.html
    .js
  • ch/jquery-1.js
    .js
  • ch/microsoft.png
    .png
  • ch/retreaver.js
    .js
  • ch/style.css
  • ch/translator.css
  • chrome-assests/a.html
    .html
  • chrome-assests/alert.css
  • chrome-assests/bootstrap.css
  • chrome-assests/gb.mp3
  • chrome-assests/ie10-viewport-bug-workaround.html
    .html
  • chrome-assests/iframe.js
    .js
  • chrome-assests/images.zip
    .zip
  • chrome-assests/img-1.svg
    .xml
  • chrome-assests/img-10.svg
  • chrome-assests/img-11.svg
    .xml
  • chrome-assests/img-12.svg
    .xml
  • chrome-assests/img-2.svg
    .xml
  • chrome-assests/img-3.svg
    .xml
  • chrome-assests/img-4.svg
    .xml
  • chrome-assests/img-5.svg
    .xml
  • chrome-assests/img-6.svg
    .xml
  • chrome-assests/img-7.svg
    .xml
  • chrome-assests/img-8.svg
    .xml
  • chrome-assests/img-9.svg
    .xml
  • chrome-assests/jquery-1.js
    .js
  • chrome-assests/microsoft.png
    .png
  • chrome-assests/retreaver.js
    .js
  • chrome-assests/style.css
  • chrome-assests/translator.css
  • cobaltstrike_shellcode.exe
    .exe windows:4 windows x86 arch:x86

    829da329ce140d873b4a8bde2cbfaa7e


    Headers

    Imports

    Sections

  • cookies.txt
  • css
  • default.exe
    .exe windows:4 windows x86 arch:x86

    8acb34bed3caa60cae3f08f75d53f727


    Headers

    Imports

    Sections

  • ec4f09f82d932cdd40700a74a8875b73a783cbaab1f313286adf615a5336d7d3
    .exe windows:5 windows x86 arch:x86

    e3c0e20c83b68bd827b5585acf42cd9f


    Headers

    Imports

    Sections

  • edge.svg
    .xml
  • efd97b1038e063779fb32a3ab35adc481679a5c6c8e3f4f69c44987ff08b6ea4.js
    .js
  • emotet_exe_e1_ef536781ae8be4b67a7fb8aa562d84994ad250d97d5606115b6f4e6e2992363f_2020-11-17__174504._exe
    .exe windows:5 windows x86 arch:x86

    521d2b6b3783f05d9e58c76c5f9844de


    Headers

    Imports

    Exports

    Sections

  • emotet_exe_e3_93074e9fbde60e4182f5d763bac7762f2d4e2fcf9baf457b6f12e7696b3562c1_2020-11-17__182823.exe
    .exe windows:4 windows x86 arch:x86

    274ac2c59ebd50168147ffd939350467


    Headers

    Imports

    Sections

  • err.mp3
  • eupdate.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • f4f47c67be61d386e7d757ff89825fa630dd5cc4ed600b5471f9cc18c21e983f.exe
    .exe windows:6 windows x64 arch:x64

    3fbe968d4a91909b7a50f8f5a87ea911


    Headers

    Imports

    Sections

  • fade(1).gif
    .gif
  • fade.gif
    .gif
  • favicon.ico
  • fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • fee15285c36fa7e28e28c7bb9b4cd3940ef12b9907de59d11ab6e2376416d35.exe
    .exe windows:4 windows x86 arch:x86

    ba56e34e8a22ac91a660555598e60e39


    Headers

    Imports

    Sections

  • file(1).exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • file.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • files/alert.jpg
    .jpg
  • files/alertmicrosoft.mp3
  • files/background-2.png
    .png
  • files/microsoft.png
    .png
  • files/style.css
  • files/warning.mp3
  • firiedge/a.mp3
  • firiedge/defender.png
    .png
  • firiedge/favico.jpg
    .jpg
  • firiedge/index.html
    .js
  • firiedge/jquery.min.js
    .js
  • firiedge/login.php
  • firiedge/main.css
  • gjMEi6eG.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • good.exe
    .exe windows:5 windows x86 arch:x86


    Headers

    Sections

  • header-bar3.png
    .png
  • hts-cache/doit.log
  • hts-cache/new.lst
  • hts-cache/new.txt
  • hts-cache/new.zip
    .zip
  • hts-cache/readme.txt
  • hts-cache/winprofile.ini
  • hyundai steel-pipe- job 8010(1).exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • hyundai steel-pipe- job 8010.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • ie.svg
    .xml
  • image.png
    .png
  • images/apple/Descr.WD3
  • images/apple/image_large.png
    .png
  • images/apple/image_small.png
    .png
  • images/bag/Descr.WD3
  • images/bag/image_large.png
    .png
  • images/bag/image_small.png
    .png
  • images/links/ipad/Descr.WD3
  • images/links/ipad/image_large.png
    .png
  • images/links/ipad/image_small.png
    .png
  • images/links/iphone/Descr.WD3
  • images/links/iphone/image_large.png
    .png
  • images/links/iphone/image_small.png
    .png
  • images/links/mac/Descr.WD3
  • images/links/mac/image_large.png
    .png
  • images/links/mac/image_small.png
    .png
  • images/links/music/Descr.WD3
  • images/links/music/image_large.png
    .png
  • images/links/music/image_small.png
    .png
  • images/links/support/Descr.WD3
  • images/links/support/image_large.png
    .png
  • images/links/support/image_small.png
    .png
  • images/links/tv/Descr.WD3
  • images/links/tv/image_large.png
    .png
  • images/links/tv/image_small.png
    .png
  • images/links/watch/Descr.WD3
  • images/links/watch/image_large.png
    .png
  • images/links/watch/image_small.png
    .png
  • images/search/Descr.WD3
  • images/search/close_large.png
    .png
  • images/search/close_small.png
    .png
  • images/search/icon_reset_small.png
    .png
  • images/search/icon_suggested_large.png
    .png
  • images/search/icon_suggested_small.png
    .png
  • images/search/image_large.png
    .png
  • images/search/image_small.png
    .png
  • img/1/3/alert.png
    .png
  • img/1/3/alertmeta.png
    .png
  • img/1/3/icon.alert.jpg
    .jpg
  • img/1/3/loading.green.gif
    .gif
  • img/1/3/loading.highlight.png
    .png
  • img/1/3/progressbar.bg.png
    .png
  • img/1/3/qicon.gif
    .gif
  • img/1/3/sector.bg.gif
    .gif
  • img/1/3/sector.hdd.png
    .png
  • img/1/3/sector.removable.png
    .png
  • img/1/3/security.png
    .png
  • img/1/3/security2.png
    .png
  • img/1/3/sidebar.bg.png
    .png
  • img/bg-1.jpg
    .jpg
  • img/bg-2.jpg
    .jpg
  • img/bg-3.jpg
    .jpg
  • img/defender.png
    .png
  • index(1).html
    .html
  • index(10).html
    .js
  • index(11).html
    .html .js polyglot
  • index(2).html
    .js
  • index(3).html
    .html .js polyglot
  • index(4).html
    .html
  • index(5).html
    .html .js polyglot
  • index(6).html
    .js
  • index(7).html
    .html .js polyglot
  • index(8).html
    .js
  • index(9).html
    .js
  • index.css
  • index.html
    .js
  • index2.html
    .js
  • infected dot net installer.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • inps_979.xls
    .xls windows office2003
  • jar.jar
    .jar
  • jquery-3.js
    .js
  • jquery.min.js
    .js
  • js/.DS_Store
  • js/Descr.WD3
  • js/atemwgyji.js
    .js
  • js/functions.js
    .js
  • js/jquery(1).js
    .js
  • js/jquery(2).js
    .js
  • js/jquery-1.12.0.min.js
    .js
  • js/jquery-ui-1.js
    .js
  • js/jquery.js
    .js
  • js/jquery.min.js
    .js
  • june9.dll
    .dll windows:6 windows x86 arch:x86

    260441d5ca8d9f18f1b88c86dd5a5a50


    Headers

    Imports

    Exports

    Sections

  • logo.png
    .png
  • maxcdn.bootstrapcdn.com/bootstrap/3.4.0/js/bootstrap.min.js
    .js
  • micro-logo.png
    .png
  • mouse_2.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • msie1.html
    .js
  • msie2.html
    .js
  • murphy_chrome.zip
    .zip
  • murphy_ie.zip
    .zip
  • oof.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • openme.exe
    .exe windows:4 windows x86 arch:x86

    0fb7b957c900aa346dfe038d32b1c79f


    Headers

    Imports

    Sections

  • ou55sg33s_1.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • redx.php
    .html .js polyglot
  • robots.txt
  • senate.m4a
    .dll windows:4 windows x86 arch:x86

    b830174c9e391ff1d806b76304cef839


    Headers

    Imports

    Sections

  • song.mp3
  • sound/err.mp3
  • starticon3.exe
    .exe windows:5 windows x86 arch:x86

    af26cb1625d44d032194d9902e14f12f


    Headers

    Imports

    Sections

  • static.notifme.club/push_js/push_subs.js
    .js
  • str.dll
    .dll windows:6 windows x86 arch:x86

    a727715efbf0ea37140c651d51147ad2


    Headers

    Imports

    Sections

  • style.css
  • style.min.css
  • svchost.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • trn.png
    .png
  • update.exe
    .exe windows:5 windows x86 arch:x86

    eb97e4fc5518ac300a92a11673825e0b


    Headers

    Imports

    Sections

  • vir1.xls
    .xlsx .xls office2007
  • warning.png
    .png
  • wwf[1].exe
    .exe windows:6 windows x86 arch:x86

    e8724043552c009702f212f46e2b6998


    Headers

    Imports

    Sections

  • www.google-analytics.com/analytics.js
    .js
  • www.mscheck022.com/sk/dc7c905a/us/index9cc5.html
    .html .js polyglot
  • www.mscheck022.com/sk_pre/6/img/cross.gif
    .gif
  • www.mscheck022.com/sk_pre/6/img/icon_app.gif
    .gif
  • www.mscheck022.com/sk_pre/6/img/warn_.gif
    .gif
  • x.png
    .png
  • xNet.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • 전산 및 비전산자료 보존 요청서(20200525)_꼭 확인하시고 자료보존해주세요.exe
    .exe windows:5 windows x86 arch:x86

    93b970b63b735db9b186365630218e72


    Headers

    Imports

    Exports

    Sections

  • 전산 및 비전산자료 보존 요청서(20200525)_꼭 확인하시고 자료보존해주세요1.exe
    .exe windows:5 windows x86 arch:x86

    93b970b63b735db9b186365630218e72


    Headers

    Imports

    Exports

    Sections