Spyware Exploit Downloader
Tags: Lokibot, Mal/HTMLGen-A, Trojan.GenericKDZ.77897, Trojan.GenericKDZ.77711 (+3 more)
Created on 2021-09-28T05:23:00
Sample: 09d2b8f86f136cb14832e9a4de582c239c698044adcc8d12d6195f5eff78ccab.xlsx
Remarks

(0x0200000E): The overall sleep time of all monitored processes was truncated from "3 hours, 31 minutes" to "20 seconds" to reveal dormant functionality. Sleep patching compresses the recorded timeline: a delay of this length is usually a sandbox-evasion or staging pause in the dropper, so behaviour recorded after the patched sleep would appear hours later, or not at all, on a real host.
(0x0200001D): The maximum number of extracted files was exceeded. Some files may be missing in the report.
(0x0200004F): Static Analysis failed to analyze file artifacts in this analysis due to an error. Check the artifact_static_analysis.log file for further information. Because of this, the "clean" verdicts on the dropped and downloaded artifacts below record the absence of a signature hit, not a completed static analysis.
Files

This list contains only the embedded files, downloaded files, and dropped files.
File: C:\Users\RDhJ0CNFevzX\Desktop\09d2b8f86f136cb14832e9a4de582c239c698044adcc8d12d6195f5eff78ccab.xlsx
Category: Sample File | Type: Excel Document | Verdict: malicious

Threat Name | Verdict
---|---
Trojan.GenericKDZ.77897 | malicious

Property | Value
---|---
Create Time | 2006-09-16 00:00:00+00:00
Modify Time | 2021-09-27 14:06:21+00:00
Detected CVEs | CVE-2018-0798
Application | Microsoft Excel
App Version | 12.0000
Document Security | SECURITY_PASSWORD
Titles Of Parts | Sheet1, Sheet2, Sheet3
ScaleCrop | (empty)
SharedDoc | (empty)

CLSID | Control Name | Associated Vulnerability
---|---|---
{0002CE02-0000-0000-C000-000000000046} | Equation2 | CVE-2017-11882

Reading these fields: the three CVE labels on this page (CVE-2018-0798 in the document metadata, CVE-2017-11882 attached to the CLSID, CVE-2018-0802 in the OLE object's threat name) all belong to the Equation Editor component (EQNEDT32.EXE) that Office loads for this CLSID. The report does not show which Equation record is malformed, so the reliable statement is "Equation Editor exploit"; the particular CVE number is the scanner's label, not a confirmed root cause. App Version 12.0000 is the Office 2007 file-format version string. A 2006 create time on a document modified in 2021 is inherited from a template and is not an authoring date. Document Security SECURITY_PASSWORD is the DocSecurity flag from the document properties; check whether the container is actually encrypted, since an encrypted OOXML package defeats scanners that cannot decrypt it, whereas the flag by itself changes nothing.
File: Microsoft_Office_Word_Macro-Enabled_Document1.docm
Category: Embedded File | Type: Word Document | Verdict: malicious

Threat Name | Verdict
---|---
Trojan.GenericKDZ.77711 | malicious

Property | Value
---|---
Creator | 91974
Last Modified By | 91974
Revision | 1
Create Time | 2021-09-27 14:05:00+00:00
Modify Time | 2021-09-27 14:05:00+00:00
Application | Microsoft Office Word
App Version | 12.0000
Template | Normal.dotm
Document Security | NONE
Editing Time | 1.0
Page Count | 1
Line Count | 1
Paragraph Count | 1
Character Count | 1
Chars With Spaces | 1
ScaleCrop | (empty)
SharedDoc | (empty)

These statistics describe a one-character, single-revision document created and saved in the same minute, one minute before the workbook's modify time, under a numeric creator name: a generated carrier, not an authored document. Despite the "Macro-Enabled" file name, the report lists no macro content for it; the malicious verdict comes from the generic signature above.
File: oleObject1.bin
Category: Embedded File | Type: OLE Compound | Verdict: malicious

Threat Name | Verdict
---|---
Exploit.CVE-2018-0802.Gen | malicious

CLSID | Control Name | Associated Vulnerability
---|---|---
{0002CE02-0000-0000-C000-000000000046} | Equation2 | CVE-2017-11882

Stream | ID | Size
---|---|---
Root\Ole | 1 | 20 Bytes
Root\olE10NAtiVe | 2 | 1.64 KB

This OLE object is the exploit carrier. Its second stream is the standard Ole10Native payload stream with the name written in mixed case ("olE10NAtiVe"): compound-file name lookups are case-insensitive, so Office still resolves it, while byte-exact signatures for "Ole10Native" do not match. A 1.64 KB payload is in line with an Equation Editor record carrying a small download-and-execute shellcode, which matches the "Downloader" tag in the page title.
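To turn the CLSID and stream-name indicators above into a triage check, here is an added example (written for this page, not code from the sandbox vendor or from the report) that opens an OOXML container in memory, walks the embedded OLE parts under xl/, word/ or ppt/embeddings, and scans their raw bytes for the Equation Editor CLSID in its on-disk GUID layout and for an Ole10Native stream name in any letter case. The scan is deliberately byte-level so that it needs no OLE parser and is not defeated by the case mangling seen in this report. The sample workbook it runs on is constructed inline and is not a real document; the part-name regex and the `needs_review` rule are this example's assumptions.

```python
"""Triage an OOXML (.xlsx/.docx/.pptx) container for Equation Editor OLE objects.

Added example, not code from the sandbox report. Two byte-level indicators are
checked in every embedded OLE part, without an OLE parser:
  1. the Equation Editor CLSID {0002CE02-0000-0000-C000-000000000046} in the
     mixed-endian layout compound files use on disk;
  2. an Ole10Native stream name, matched case-insensitively so that mangled
     spellings such as "olE10NAtiVe" are caught and reported as such.
"""
import io
import re
import uuid
import zipfile

# CLSID of the Equation Editor control (the report's "Equation2" entry).
EQUATION_CLSID = uuid.UUID("{0002CE02-0000-0000-C000-000000000046}")
# Compound files store GUIDs with Data1..Data3 little-endian and Data4 as-is;
# uuid.bytes_le yields exactly that byte order.
EQUATION_CLSID_LE = EQUATION_CLSID.bytes_le

# OOXML keeps embedded objects under <part>/embeddings/*.bin (assumed layout).
EMBEDDING_RE = re.compile(r"^(xl|word|ppt)/embeddings/[^/]+\.bin$", re.IGNORECASE)


def utf16le_ci_pattern(name: str):
    """Regex matching `name` encoded as UTF-16LE, ignoring ASCII letter case."""
    parts = []
    for ch in name:
        lo, up = ch.lower(), ch.upper()
        cls = re.escape(lo) if lo == up else "[%s%s]" % (re.escape(lo), re.escape(up))
        parts.append(cls.encode("ascii") + b"\x00")
    return re.compile(b"".join(parts))


# OLE directory entries hold stream names as UTF-16LE.
OLE10NATIVE_RE = utf16le_ci_pattern("Ole10Native")


def scan_ole_blob(part: str, blob: bytes) -> dict:
    """Indicators found in one embedded OLE part by a raw byte scan."""
    names = sorted({m.group(0).decode("utf-16-le") for m in OLE10NATIVE_RE.finditer(blob)})
    return {
        "part": part,
        "equation_clsid": EQUATION_CLSID_LE in blob,
        "ole10native_names": names,
        # Any spelling other than the canonical one is a signature-evasion hint.
        "ole10native_case_mangled": any(n != "Ole10Native" for n in names),
    }


def scan_ooxml(data: bytes) -> list:
    """Unzip an OOXML document in memory and scan each embedded OLE part."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if EMBEDDING_RE.match(info.filename):
                findings.append(scan_ole_blob(info.filename, zf.read(info)))
    return findings


def needs_review(findings: list) -> bool:
    """True when any embedded object references Equation Editor or carries an
    Ole10Native payload stream; either is enough to pull the file for analysis."""
    return any(f["equation_clsid"] or f["ole10native_names"] for f in findings)


def build_sample_xlsx() -> bytes:
    """Constructed test input: a minimal zip shaped like an .xlsx whose first
    embedding carries the CLSID and a case-mangled stream name and whose second
    embedding is inert. The OLE parts are NOT valid compound files, only the
    byte layout the scan needs."""
    fake_ole = (
        b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"          # compound-file magic
        + b"\x00" * 24
        + "olE10NAtiVe".encode("utf-16-le")          # mangled stream name
        + b"\x00" * 8
        + EQUATION_CLSID_LE                          # CLSID as stored on disk
        + b"\x00" * 16
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        zf.writestr("xl/embeddings/oleObject1.bin", fake_ole)
        zf.writestr("xl/embeddings/oleObject2.bin", b"\xd0\xcf\x11\xe0" + b"\x00" * 64)
    return buf.getvalue()


if __name__ == "__main__":
    results = scan_ooxml(build_sample_xlsx())
    for r in results:
        print(r)
    print("needs review:", needs_review(results))
```

Run it against a real sample with `scan_ooxml(open(path, "rb").read())`. A hit on the CLSID alone already justifies detonation, since legitimate documents that embed Equation Editor 3.0 objects are rare after the component was removed from Office in 2018; the mangled-name flag separately tells you the builder is evading string signatures.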
File: C:\Users\RDhJ0CNFevzX\AppData\Roaming\9EDDE9\9BDC8A.exe
Category: Dropped File | Type: Unknown | Verdict: N/A (not available because the file was not extracted successfully)
Also Known As: C:\Users\Public\vbc.exe (Dropped File)

Property | Value
---|---
MIME Type | -
File Size | -
MD5 | -
SHA1 | -
SHA256 | -
SSDeep | -
ImpHash | -

The same file was seen at two locations: staged as C:\Users\Public\vbc.exe and copied to a six-hex-character directory under %APPDATA%\Roaming with a six-hex-character name, the layout Lokibot uses for its persistent copy. Because extraction failed there is no hash for it. The only executable captured in this report is the downloaded file e4c1c0... below, and whether its bytes are the same as this dropped file cannot be confirmed from the page.
File | Category | Type | Verdict
---|---|---|---
c:\users\rdhj0cnfevzx\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-1560258661-3990802383-1811730007-1000\3d3578a85286f88c6cd9d151e4412949_03845cb8-7441-4a2f-8c0f-c90408af5778 | Dropped File | Stream | clean (known to be clean; listed twice in the report)
C:\Users\RDhJ0CNFevzX\AppData\Roaming\9EDDE9\9BDC8A.hdb | Dropped File | Text | clean
C:\Users\RDhJ0CNFevzX\AppData\Roaming\9EDDE9\9BDC8A.lck | Dropped File | Stream | clean (known to be clean)

The RSA key-container file under Microsoft\Crypto\RSA\<SID>\ is written by Windows CryptoAPI whenever a process creates a key container; it is a side effect of the sample's activity rather than attacker-authored content, and a clean verdict is expected. The .hdb and .lck files next to 9BDC8A.exe are the hash-database and lock files Lokibot keeps beside its persistent copy; they are inert on their own, which is why they score clean, but the whole 9EDDE9 directory should be collected during response, not just the executable. All of these verdicts were produced while static analysis of artifacts had failed (see Remarks), so "clean" here means "no signature hit", not "analyzed and benign".
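For detection on the host side, the drop layout above (a payload staged in C:\Users\Public and a copy with .hdb and .lck siblings in a six-hex-character %APPDATA%\Roaming directory) can be expressed as a correlation over file-creation events. The following is an added example, not code from the report: the events are constructed, the field names (ts, host, path) are this example's own convention rather than any EDR schema, and the regexes generalize the two paths on this page to any drive letter, user name and six-hex-character names.

```python
r"""Correlate file-creation events into the drop layout seen in this report.

Added example, not code from the report. Two path shapes are recognised:
  - C:\Users\Public\<name>.exe              (staging copy, "vbc.exe" above)
  - %APPDATA%\Roaming\<6 hex>\<6 hex>.<ext>  (persistent copy with .hdb/.lck)
An alert is raised per host and directory once an .exe in such a directory is
joined by an .hdb or .lck sibling; Public\*.exe creations on the same host are
attached as context. Thresholds and field names are this example's choices.
"""
import re
from collections import defaultdict

APPDATA_LAYOUT_RE = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\appdata\\roaming\\"
    r"(?P<dir>[0-9a-f]{6})\\(?P<stem>[0-9a-f]{6})\.(?P<ext>exe|hdb|lck)$",
    re.IGNORECASE,
)
PUBLIC_STAGE_RE = re.compile(r"^[a-z]:\\users\\public\\[^\\]+\.exe$", re.IGNORECASE)


def classify(path: str):
    """('appdata', dir, stem, ext), ('public', None, None, 'exe') or None."""
    m = APPDATA_LAYOUT_RE.match(path)
    if m:
        return ("appdata", m["dir"].lower(), m["stem"].lower(), m["ext"].lower())
    if PUBLIC_STAGE_RE.match(path):
        return ("public", None, None, "exe")
    return None


def correlate(events: list) -> list:
    """Group events per (host, six-hex directory) and alert when an .exe is
    accompanied by an .hdb or .lck in the same directory."""
    per_dir = defaultdict(lambda: {"exts": set(), "paths": []})
    public_by_host = defaultdict(list)
    for ev in events:
        tag = classify(ev["path"])
        if tag is None:
            continue
        kind, directory, _stem, ext = tag
        if kind == "public":
            public_by_host[ev["host"]].append(ev["path"])
        else:
            entry = per_dir[(ev["host"], directory)]
            entry["exts"].add(ext)
            entry["paths"].append(ev["path"])
    alerts = []
    for (host, directory), entry in sorted(per_dir.items()):
        if "exe" in entry["exts"] and entry["exts"] & {"hdb", "lck"}:
            alerts.append({
                "host": host,
                "directory": directory,
                "files": sorted(entry["paths"]),
                "staged_from": sorted(public_by_host.get(host, [])),
            })
    return alerts


# Constructed events: ws01 reproduces the paths from this report, ws02 shows
# a lone six-hex .exe (no siblings) and an ordinary Roaming path (no match).
SAMPLE_EVENTS = [
    {"ts": "2021-09-28T05:24:01", "host": "ws01", "path": r"C:\Users\Public\vbc.exe"},
    {"ts": "2021-09-28T05:24:03", "host": "ws01",
     "path": r"C:\Users\RDhJ0CNFevzX\AppData\Roaming\9EDDE9\9BDC8A.exe"},
    {"ts": "2021-09-28T05:24:04", "host": "ws01",
     "path": r"C:\Users\RDhJ0CNFevzX\AppData\Roaming\9EDDE9\9BDC8A.hdb"},
    {"ts": "2021-09-28T05:24:04", "host": "ws01",
     "path": r"C:\Users\RDhJ0CNFevzX\AppData\Roaming\9EDDE9\9BDC8A.lck"},
    {"ts": "2021-09-28T05:30:00", "host": "ws02",
     "path": r"C:\Users\alice\AppData\Roaming\ABC123\ABC123.exe"},
    {"ts": "2021-09-28T05:31:00", "host": "ws02",
     "path": r"C:\Users\alice\AppData\Roaming\Microsoft\Teams\update.exe"},
]


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

The sibling requirement keeps the rule quiet on the many legitimate installers that write a single executable under Roaming; a lone six-hex .exe such as the ws02 event is worth a lower-severity note, but the .hdb/.lck pair is what makes this layout specific.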
File: e4c1c0121487f83b014b8c81bbaf03db0b7f49584a268a5e67ca64ba6e64676f
Category: Downloaded File | Type: Binary | Verdict: clean

Property | Value
---|---
Image Base | 0x400000
Entry Point | 0x401b18
Size Of Code | 0x16c00
Size Of Initialized Data | 0xa1400
File Type | executable
Subsystem | windows_gui
Machine Type | i386
Compile Timestamp | 2021-01-30 19:58:00+00:00
InternalName | sajbmiamezu.ise
Copyright | Copyrighz (C) 2021, fudkagat
ProductVersion | 8.64.59.5

Sections (virtual addresses are absolute, i.e. image base plus RVA)

Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy
---|---|---|---|---|---|---
.text | 0x401000 | 0x16a20 | 0x16c00 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 7.74 |
.rdata | 0x418000 | 0x31ef | 0x3200 | 0x17000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.18 |
.data | 0x41c000 | 0x8557c | 0x1e00 | 0x1a200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 1.32 |
.rsrc | 0x4a2000 | 0x175b8 | 0x17600 | 0x1c000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 6.36 |
Imports from kernel32.dll (the DLL name was lost in this extract; every entry below is a kernel32 export)

API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
---|---|---|---|---|---
GetCommandLineW | - | 0x418000 | 0x1a968 | 0x19968 | 0x170 |
HeapReAlloc | - | 0x418004 | 0x1a96c | 0x1996c | 0x2a4 |
GetLocaleInfoA | - | 0x418008 | 0x1a970 | 0x19970 | 0x1e8 |
LoadResource | - | 0x41800c | 0x1a974 | 0x19974 | 0x2f6 |
InterlockedDecrement | - | 0x418010 | 0x1a978 | 0x19978 | 0x2bc |
GetEnvironmentStringsW | - | 0x418014 | 0x1a97c | 0x1997c | 0x1c1 |
AddConsoleAliasW | - | 0x418018 | 0x1a980 | 0x19980 | 0x6 |
SetEvent | - | 0x41801c | 0x1a984 | 0x19984 | 0x3d3 |
OpenSemaphoreA | - | 0x418020 | 0x1a988 | 0x19988 | 0x335 |
GetSystemTimeAsFileTime | - | 0x418024 | 0x1a98c | 0x1998c | 0x24f |
WriteFileGather | - | 0x418028 | 0x1a990 | 0x19990 | 0x48f |
CreateActCtxW | - | 0x41802c | 0x1a994 | 0x19994 | 0x68 |
GetEnvironmentStrings | - | 0x418030 | 0x1a998 | 0x19998 | 0x1bf |
LeaveCriticalSection | - | 0x418034 | 0x1a99c | 0x1999c | 0x2ef |
GetFileAttributesA | - | 0x418038 | 0x1a9a0 | 0x199a0 | 0x1c9 |
FindNextVolumeW | - | 0x41803c | 0x1a9a4 | 0x199a4 | 0x135 |
GetDevicePowerState | - | 0x418040 | 0x1a9a8 | 0x199a8 | 0x1b3 |
GetProcAddress | - | 0x418044 | 0x1a9ac | 0x199ac | 0x220 |
FreeUserPhysicalPages | - | 0x418048 | 0x1a9b0 | 0x199b0 | 0x150 |
VerLanguageNameW | - | 0x41804c | 0x1a9b4 | 0x199b4 | 0x44e |
WriteConsoleA | - | 0x418050 | 0x1a9b8 | 0x199b8 | 0x482 |
GetProcessId | - | 0x418054 | 0x1a9bc | 0x199bc | 0x225 |
LocalAlloc | - | 0x418058 | 0x1a9c0 | 0x199c0 | 0x2f9 |
RemoveDirectoryW | - | 0x41805c | 0x1a9c4 | 0x199c4 | 0x380 |
WaitForMultipleObjects | - | 0x418060 | 0x1a9c8 | 0x199c8 | 0x462 |
EnumResourceTypesW | - | 0x418064 | 0x1a9cc | 0x199cc | 0xf1 |
GetModuleFileNameA | - | 0x418068 | 0x1a9d0 | 0x199d0 | 0x1f4 |
GetModuleHandleA | - | 0x41806c | 0x1a9d4 | 0x199d4 | 0x1f6 |
EraseTape | - | 0x418070 | 0x1a9d8 | 0x199d8 | 0x102 |
GetStringTypeW | - | 0x418074 | 0x1a9dc | 0x199dc | 0x240 |
ReleaseMutex | - | 0x418078 | 0x1a9e0 | 0x199e0 | 0x377 |
EndUpdateResourceA | - | 0x41807c | 0x1a9e4 | 0x199e4 | 0xd7 |
LocalSize | - | 0x418080 | 0x1a9e8 | 0x199e8 | 0x302 |
FindFirstVolumeW | - | 0x418084 | 0x1a9ec | 0x199ec | 0x12a |
FindNextVolumeA | - | 0x418088 | 0x1a9f0 | 0x199f0 | 0x132 |
lstrcpyW | - | 0x41808c | 0x1a9f4 | 0x199f4 | 0x4b0 |
HeapAlloc | - | 0x418090 | 0x1a9f8 | 0x199f8 | 0x29d |
GetCommandLineA | - | 0x418094 | 0x1a9fc | 0x199fc | 0x16f |
GetStartupInfoA | - | 0x418098 | 0x1aa00 | 0x19a00 | 0x239 |
DeleteCriticalSection | - | 0x41809c | 0x1aa04 | 0x19a04 | 0xbe |
EnterCriticalSection | - | 0x4180a0 | 0x1aa08 | 0x19a08 | 0xd9 |
HeapFree | - | 0x4180a4 | 0x1aa0c | 0x19a0c | 0x2a1 |
VirtualFree | - | 0x4180a8 | 0x1aa10 | 0x19a10 | 0x457 |
VirtualAlloc | - | 0x4180ac | 0x1aa14 | 0x19a14 | 0x454 |
HeapCreate | - | 0x4180b0 | 0x1aa18 | 0x19a18 | 0x29f |
GetModuleHandleW | - | 0x4180b4 | 0x1aa1c | 0x19a1c | 0x1f9 |
Sleep | - | 0x4180b8 | 0x1aa20 | 0x19a20 | 0x421 |
ExitProcess | - | 0x4180bc | 0x1aa24 | 0x19a24 | 0x104 |
WriteFile | - | 0x4180c0 | 0x1aa28 | 0x19a28 | 0x48d |
GetStdHandle | - | 0x4180c4 | 0x1aa2c | 0x19a2c | 0x23b |
SetHandleCount | - | 0x4180c8 | 0x1aa30 | 0x19a30 | 0x3e8 |
GetFileType | - | 0x4180cc | 0x1aa34 | 0x19a34 | 0x1d7 |
GetLastError | - | 0x4180d0 | 0x1aa38 | 0x19a38 | 0x1e6 |
SetFilePointer | - | 0x4180d4 | 0x1aa3c | 0x19a3c | 0x3df |
TerminateProcess | - | 0x4180d8 | 0x1aa40 | 0x19a40 | 0x42d |
GetCurrentProcess | - | 0x4180dc | 0x1aa44 | 0x19a44 | 0x1a9 |
UnhandledExceptionFilter | - | 0x4180e0 | 0x1aa48 | 0x19a48 | 0x43e |
SetUnhandledExceptionFilter | - | 0x4180e4 | 0x1aa4c | 0x19a4c | 0x415 |
IsDebuggerPresent | - | 0x4180e8 | 0x1aa50 | 0x19a50 | 0x2d1 |
FreeEnvironmentStringsA | - | 0x4180ec | 0x1aa54 | 0x19a54 | 0x14a |
FreeEnvironmentStringsW | - | 0x4180f0 | 0x1aa58 | 0x19a58 | 0x14b |
WideCharToMultiByte | - | 0x4180f4 | 0x1aa5c | 0x19a5c | 0x47a |
TlsGetValue | - | 0x4180f8 | 0x1aa60 | 0x19a60 | 0x434 |
TlsAlloc | - | 0x4180fc | 0x1aa64 | 0x19a64 | 0x432 |
TlsSetValue | - | 0x418100 | 0x1aa68 | 0x19a68 | 0x435 |
TlsFree | - | 0x418104 | 0x1aa6c | 0x19a6c | 0x433 |
InterlockedIncrement | - | 0x418108 | 0x1aa70 | 0x19a70 | 0x2c0 |
SetLastError | - | 0x41810c | 0x1aa74 | 0x19a74 | 0x3ec |
GetCurrentThreadId | - | 0x418110 | 0x1aa78 | 0x19a78 | 0x1ad |
QueryPerformanceCounter | - | 0x418114 | 0x1aa7c | 0x19a7c | 0x354 |
GetTickCount | - | 0x418118 | 0x1aa80 | 0x19a80 | 0x266 |
GetCurrentProcessId | - | 0x41811c | 0x1aa84 | 0x19a84 | 0x1aa |
InitializeCriticalSectionAndSpinCount | - | 0x418120 | 0x1aa88 | 0x19a88 | 0x2b5 |
RtlUnwind | - | 0x418124 | 0x1aa8c | 0x19a8c | 0x392 |
LoadLibraryA | - | 0x418128 | 0x1aa90 | 0x19a90 | 0x2f1 |
SetStdHandle | - | 0x41812c | 0x1aa94 | 0x19a94 | 0x3fc |
GetConsoleCP | - | 0x418130 | 0x1aa98 | 0x19a98 | 0x183 |
GetConsoleMode | - | 0x418134 | 0x1aa9c | 0x19a9c | 0x195 |
FlushFileBuffers | - | 0x418138 | 0x1aaa0 | 0x19aa0 | 0x141 |
GetCPInfo | - | 0x41813c | 0x1aaa4 | 0x19aa4 | 0x15b |
GetACP | - | 0x418140 | 0x1aaa8 | 0x19aa8 | 0x152 |
GetOEMCP | - | 0x418144 | 0x1aaac | 0x19aac | 0x213 |
IsValidCodePage | - | 0x418148 | 0x1aab0 | 0x19ab0 | 0x2db |
HeapSize | - | 0x41814c | 0x1aab4 | 0x19ab4 | 0x2a6 |
GetConsoleOutputCP | - | 0x418150 | 0x1aab8 | 0x19ab8 | 0x199 |
WriteConsoleW | - | 0x418154 | 0x1aabc | 0x19abc | 0x48c |
MultiByteToWideChar | - | 0x418158 | 0x1aac0 | 0x19ac0 | 0x31a |
LCMapStringA | - | 0x41815c | 0x1aac4 | 0x19ac4 | 0x2e1 |
LCMapStringW | - | 0x418160 | 0x1aac8 | 0x19ac8 | 0x2e3 |
GetStringTypeA | - | 0x418164 | 0x1aacc | 0x19acc | 0x23d |
CloseHandle | - | 0x418168 | 0x1aad0 | 0x19ad0 | 0x43 |
CreateFileA | - | 0x41816c | 0x1aad4 | 0x19ad4 | 0x78 |
Imports from user32.dll (the DLL name was lost in this extract; GetCursorPos is a user32 export)

API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
---|---|---|---|---|---
GetCursorPos | - | 0x418174 | 0x1aadc | 0x19adc | 0x119

Exports

API Name | EAT Address | Ordinal
---|---|---
@SetViceVariants@12 | 0x1000 | 0x1

Assessment of the "clean" verdict: the static properties are those of a crypter stub, not a benign program. The .text section has entropy 7.74, well above compiled code, and .data declares 0x8557c bytes of virtual size against 0x1e00 bytes on disk, a large zero-filled writable region of the kind an unpacker fills at runtime. The version resource carries nonsense strings ("Copyrighz (C) 2021, fudkagat", InternalName "sajbmiamezu.ise"). The kernel32 import list is a Visual C++ CRT set (IsDebuggerPresent, SetUnhandledExceptionFilter, QueryPerformanceCounter, GetTickCount and TerminateProcess are the CRT's own startup and security-cookie imports and are not evidence of anti-debugging by themselves) padded with calls no downloader needs, such as EraseTape, FreeUserPhysicalPages, AddConsoleAliasW, FindNextVolumeW, GetDevicePowerState, WriteFileGather and EndUpdateResourceA; the real API set is resolved at runtime through the LoadLibraryA and GetProcAddress imports that are present. GetCursorPos as the sole user32 import in a binary with no windowing imports is consistent with a user-activity check before unpacking, and a single fastcall-decorated export (@SetViceVariants@12) is unusual in an .exe. Given the remark that static analysis of artifacts failed, read "clean" as "no signature matched".
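As an added example (not the sandbox's code), the following script applies three static checks a reviewer would run before accepting a "clean" verdict on a binary that looks packed: entropy of executable sections, virtual-to-raw size ratio of writable sections, and whether the entry point lies in a code section. The section table is transcribed from this report; the entropy function itself is exercised on constructed buffers, and the 7.0 bits/byte and 4x thresholds are this example's choices rather than values from the page.

```python
"""Section-level triage of a PE as listed in a sandbox report.

Added example, not code from the report. Checks applied:
  1. an executable section with Shannon entropy >= 7.0 bits/byte (compiled
     x86 code usually sits around 6.0 to 6.8; packed or encrypted code
     approaches 8.0);
  2. a writable section whose virtual size is >= 4x its raw size (a large
     zero-filled region an unpacking stub can fill at runtime);
  3. an entry point that does not fall inside an executable section.
"""
import math
import random
from collections import Counter

# Thresholds are this example's choices, not values from the report.
HIGH_ENTROPY = 7.0
BSS_RATIO = 4.0


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for empty or constant input, at most 8.0."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


# Section table of the downloaded file as reported (addresses are absolute,
# image base 0x400000 plus RVA; entropy values as computed by the sandbox).
SECTIONS = [
    # name,    va,       vsize,   rawsize, flags,                                   entropy
    (".text",  0x401000, 0x16a20, 0x16c00, {"CODE", "EXECUTE", "READ"},             7.74),
    (".rdata", 0x418000, 0x31ef,  0x3200,  {"INITIALIZED_DATA", "READ"},            4.18),
    (".data",  0x41c000, 0x8557c, 0x1e00,  {"INITIALIZED_DATA", "READ", "WRITE"},   1.32),
    (".rsrc",  0x4a2000, 0x175b8, 0x17600, {"INITIALIZED_DATA", "READ"},            6.36),
]
ENTRY_POINT = 0x401b18


def section_for(va: int, sections=SECTIONS):
    """Name of the section whose virtual range contains `va`, or None."""
    for name, start, vsize, _raw, _flags, _ent in sections:
        if start <= va < start + vsize:
            return name
    return None


def triage(sections=SECTIONS, entry_point=ENTRY_POINT) -> list:
    """(section, reason) pairs for every check that trips."""
    hits = []
    for name, _va, vsize, rawsize, flags, entropy in sections:
        if "EXECUTE" in flags and entropy >= HIGH_ENTROPY:
            hits.append((name, "executable section with entropy %.2f (packed/encrypted code)" % entropy))
        if "WRITE" in flags and rawsize and vsize / rawsize >= BSS_RATIO:
            hits.append((name, "virtual size %#x is %.0fx raw size %#x (large runtime buffer)"
                         % (vsize, vsize / rawsize, rawsize)))
    ep = section_for(entry_point, sections)
    ep_flags = next((f for n, _, _, _, f, _ in sections if n == ep), set())
    if ep is None or "EXECUTE" not in ep_flags:
        hits.append((ep or "<none>", "entry point %#x outside any executable section" % entry_point))
    return hits


def sample_entropies() -> dict:
    """Entropy of three constructed buffers: zero-filled, plain text and
    seeded pseudo-random bytes (reproducible, standing in for packed code)."""
    rng = random.Random(20210927)
    return {
        "zeros": shannon_entropy(b"\x00" * 4096),
        "text": shannon_entropy(b"The quick brown fox jumps over the lazy dog. " * 100),
        "random": shannon_entropy(bytes(rng.getrandbits(8) for _ in range(65536))),
    }


if __name__ == "__main__":
    for section, reason in triage():
        print("%-6s %s" % (section, reason))
    for label, value in sample_entropies().items():
        print("%-6s %.3f bits/byte" % (label, value))
```

On the table from this report the script flags .text for entropy and .data for its 71x virtual-to-raw ratio, and finds the entry point inside .text, which is the normal case; an entry point landing in a writable data section would be the stronger anomaly. To run it on a file instead of a transcribed table, read the section headers with any PE parser and compute `shannon_entropy` over each section's raw bytes.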
Other downloaded and embedded streams

Name | Category | Type | Verdict
---|---|---|---
80aad0ae2fec7897caf8648c99b16b6da20871feb05958cdd324b9f9c6c88b44 | Downloaded File | Stream | clean
4ba75cecc974b157ac6734d2f6a925a30ac61760d60f326441bac30c95aceef4 | Downloaded File | Stream | clean
9811b34e5885a16e5001187e9065a0886c709e028e2eff8a485374dcaf0bc6ed | Downloaded File | Stream | clean
c64510503435c2143bad854faba7891308b4b089d140449ceb903620fea45d6a | Downloaded File | Stream | clean
0ac261a3dd7e4e01964f219403d88223318e7b3fa6ccbb196bf2cd9da56151f7 | Embedded File | Stream | clean