Rich Headers: leveraging this mysterious artifact of the PE format
Common Information
| Type | Value |
|---|---|
| UUID | 632acd22-7b51-4c1a-864d-587aa15cdbbf |
| Fingerprint | 6a82b81451bbdd65fbb2bd2ac73cb86b14194615fe06be79fc50a01c4ad9ae7c |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Dec. 3, 2019, 1:41 p.m. |
| Added to db | April 18, 2024, 10:45 a.m. |
| Last updated | Aug. 31, 2024, 1:14 a.m. |
| Headline | Rich Headers: leveraging this mysterious artifact of the PE format |
| Title | Rich Headers: leveraging this mysterious artifact of the PE format |
| Detected Hints/Tags/Attributes | 125/3/57 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 247 | www.virusbulletin.com |
|
| Details | Domain | 6 | eset.cz |
|
| Details | Domain | 1 | trojandownloader.zurgop.cy |
|
| Details | Domain | 1 | ramnit.bv |
|
| Details | Domain | 1 | spy.ursnif.cy |
|
| Details | Domain | 4129 | github.com |
|
| Details | Domain | 403 | securelist.com |
|
| Details | Domain | 262 | www.welivesecurity.com |
|
| Details | Domain | 54 | welivesecurity.com |
|
| Details | Domain | 2 | www.sec.in.tum.de |
|
| Details | Domain | 2 | journal.cecyf.fr |
|
| Details | Domain | 7 | yara.readthedocs.io |
|
| Details | 1 | peter.kalnai}@eset.cz |
||
| Details | File | 8 | link.exe |
|
| Details | File | 1 | kb.dll |
|
| Details | File | 1 | phpf746.exe |
|
| Details | File | 1 | moar.exe |
|
| Details | File | 1260 | explorer.exe |
|
| Details | File | 2 | res.dll |
|
| Details | File | 2 | rds.dll |
|
| Details | File | 2 | zlib_x86.dll |
|
| Details | File | 1 | zlibwapi_x86.dll |
|
| Details | File | 2 | zlib_x64.dll |
|
| Details | File | 1 | zlibwapi_x64.dll |
|
| Details | File | 1 | xml.exe |
|
| Details | File | 1 | wsmprovav.exe |
|
| Details | File | 1 | performancemonitor.dll |
|
| Details | File | 1 | performancemonitor_64.dll |
|
| Details | File | 1 | performancemonitor_32.dll |
|
| Details | File | 1 | vb2018-kalnai-poslusny.pdf |
|
| Details | File | 1 | vb2018-rascagneres-mercer.pdf |
|
| Details | File | 5 | eset_greyenergy.pdf |
|
| Details | File | 3 | in.tum |
|
| Details | File | 6 | win32_industroyer.pdf |
|
| Details | File | 1 | vb2018-kafka.pdf |
|
| Details | File | 1206 | index.php |
|
| Details | File | 2 | pe.html |
|
| Details | Github username | 1 | ayalars |
|
| Details | Github username | 26 | eset |
|
| Details | Github username | 12 | virustotal |
|
| Details | IPv4 | 59 | 1.0.0.1 |
|
| Details | Url | 1 | https://github.com/ayalars/win/blob/master/private/sdktools/vctools/langapi/include/prodids.h |
|
| Details | Url | 1 | https://github.com/eset/malware-ioc/tree |
|
| Details | Url | 1 | https://securelist.com/a-predatory-tale/89779/. |
|
| Details | Url | 109 | https://www.virusbulletin.com |
|
| Details | Url | 13 | https://securelist.com |
|
| Details | Url | 6 | https://www.virusbulletin.com/uploads/pdf |
|
| Details | Url | 1 | https://www.welivesecurity.com/2018/04/03/lazarus-killdisk-central-american-casino/. |
|
| Details | Url | 4 | https://www.welivesecurity.com/wp-content/uploads/2018/10/eset_greyenergy.pdf |
|
| Details | Url | 3 | https://www.welivesecurity.com/2018/10/11/new- |
|
| Details | Url | 1 | https://github.com/virustotal/yara/blob/master/libyara/modules/pe.c#l190 |
|
| Details | Url | 1 | https://www.sec.in.tum.de/i20 |
|
| Details | Url | 4 | https://www.welivesecurity.com/wp-content |
|
| Details | Url | 1 | https://www.virusbulletin.com/uploads/pdf/magazine/2018 |
|
| Details | Url | 1 | https://journal.cecyf.fr/ojs/index.php/cybin/article/view/22/24. |
|
| Details | Url | 1 | https://www.welivesecurity.com/2017/04/06/sathurbot-distributed-wordpress- |
|
| Details | Url | 1 | https://yara.readthedocs.io/en/v3.7.0/modules/pe.html |