Microsoft OneNote Sample Targeting Cisco VPN Users Bypass All The AVs ?


MD5: 7221a9add2135ca5b10fee0be537ed67

Sha256: 23920a9337e02e4f8ee01aaeae91b172dab1c3a1028c2f55d4098fe1b2e4ff7f

MD5: 01ec00285e5928b479c3588cf305f674

General information

Name: 23920a9337e02e4f8ee01aaeae91b172dab1c3a1028c2f55d4098fe1b2e4ff7f.exe

Description: Inspection of file:

23920a9337e02e4f8ee01aaeae91b172dab1c3a1028c2f55d4098fe1b2e4ff7f.exe

Type: executable/windows/dll64

MIME: application/x-dosexec

Magic: PE32+ executable (DLL) (GUI) x86-64, for MS Windows

Size: 601600 bytes (587.5 KiB)

MD5: 01ec00285e5928b479c3588cf305f674

SHA1: 7c7fef1c73fd6e87a566b1dbee5a4a1a477621b5

SHA256: 23920a9337e02e4f8ee01aaeae91b172dab1c3a1028c2f55d4098fe1b2e4ff7f

SSDEEP: 12288:Njxfi5xyiN8D4Wp4Zen4q4Ny+0x9T8PDzwwFnzbmRY7PV3:xqr8D4WyZkeNc9T8bzRFnvmkP

Compilation date: Fri Jan 27, 2023


Suspicious

* windows_executable_analysis_nn_strong

* High section entropy


Attributions

Implant:

* PACKED

* FILE INFECTOR

Indicators of Compromise

Command Line:

* C:\Windows\sysnative\rundll32.exe C:\Users\user\AppData\Local\Temp\23920a9337e02e4f8ee0.dll;,CPlApplet

Extracted:

• SEPUpdate.dll
• ADVAPI32.dll
• GDI32.dll
• KERNEL32.dll
• USER32.dll
• msvcrt.dll
• .data
• GetVolumeInformationW
• QueryInformationJobObject
• TlsSetValue
• SetLastError
• GetCommandLineW
• GetTimeFormatEx
• CreateNamedPipeW
• GetFullPathNameA
• GetQueuedCompletionStatus
• InitializeCriticalSectionEx
• LocalAlloc
• CallbackMayRunLong
• IsProcessInJob
• LCIDToLocaleName
• PostQueuedCompletionStatus
• GetPrivateProfileStringW
• GetLastError
• GetLogicalProcessorInformation
• InterlockedFlushSList
• InitOnceComplete
• ReleaseSRWLockShared
• HeapSetInformation
• FindResourceW
• WriteConsoleW
• VirtualAllocEx
• ExitProcess
• RtlUnwindEx
• InterlockedPushEntrySList
• CreateEventA
• QueryPerformanceCounter
• SetCommTimeouts
• VirtualQuery
• LoadLibraryExW
• KERNEL32.dll
• GetWindowRgn
• GetCursorPos
• SetCursorPos
• SetForegroundWindow
• DrawEdge
• UpdateLayeredWindow
• FlashWindowEx
• FindWindowW
• LoadIconW
• CharNextW
• IntersectRect
• DrawFocusRect
• FrameRect
• SetWindowPlacement
• PeekMessageW
• GetLayeredWindowAttributes
• GetCursorInfo
• DispatchMessageW
• SetCaretPos
• UnregisterClassW
• GetSystemMetrics
• InvertRect
• InflateRect
• DefWindowProcW
• GetMenuItemInfoW
• USER32.dll
• SetWorldTransform
• StartDocW
• GetRgnBox
• CombineRgn
• CloseFigure
• CreateSolidBrush
• DeleteObject
• RestoreDC
• MoveToEx
• CreateFontIndirectA
• CreatePen
• ExtEscape
• DeleteDC
• CreateRectRgn
• GetTextMetricsW
• GetClipBox
• StretchDIBits
• BeginPath
• GdiAlphaBlend
• SaveDC
• BitBlt
• GDI32.dll
• GetUserNameW
• RegEnumValueA
• InitializeAcl
• RegCreateKeyExW
• ADVAPI32.dll
• memcpy
