Static task
static1
Behavioral task
behavioral1
Sample
Setup.exe
Resource
win7-20221111-en
General
Target: Installer.rar
Size: 6.1MB
MD5: bb5bbbd26a2a8dd3aa7592b2d6ebf0a3
SHA1: 5c944136773d13336957a0d1ad70d4aec495912c
SHA256: 000130c24c557a6463b815e63075c3f4c8643edc5a99d013b2f832bbd27f5837
SHA512: a17b52123b40e5d8bd3a617f506ab1b0fb9727b63998281cffc70dd35dc0f1d08a16d700cb689e8f48490c622d3cb425d0b9db71185a1e189fd016c49fd1260b
SSDEEP: 196608:2JpF2SFG04ypZgDQ45maoucTnjGk+40zcKn12Pzy:2JpFQ04hp5mhTnjGkOcuge
Malware Config
Signatures
Files
-
Installer.rar.rar
Password: softbase
-
Setup.exe.exe windows x86
Password: softbase
11ea24073ee65343ee563e3160c77fde
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrlenA
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
DestroyWindow
CharUpperBuffW
gdi32
GetObjectW
ole32
CoDecodeProxy
Exports
Sections
.text Size: - Virtual size: 93KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.;4G Size: - Virtual size: 3.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.#Q& Size: 1024B - Virtual size: 896B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.LKv Size: 6.2MB - Virtual size: 6.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ