Static task
static1
Behavioral task
behavioral1
Sample
0661211795-LEXWARE.rar
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
Rechnung Haufe Service Center.scr
Resource
win7-20221111-en
General
Target: 0661211795-LEXWARE.rar
Size: 306KB
MD5: 9e96b317509e82b9a198e609b0da022f
SHA1: 4502d839b27b25bb57587f536fb0d43db1aa4760
SHA256: 8f84d2523ab64c97f0c7b99c65df84794ad7b834e70bdd286e4d35db3ad23576
SHA512: b1c7c1f17e08e890a362a7f51bb51671b1a64cbf18d3eaf47d150f31cda209705cb0f3cc5719e781852e96e7ab76c15af6aa22479776b05903b7d1f360b95c07
SSDEEP: 6144:Lx0QbNxbCtqW7p2rzR8XOisSN7cJsuSDT+krHJfkNuue:6Oxbc4rtqKSN735TppMY9
Malware Config
Signatures
Files
-
0661211795-LEXWARE.rar.rar
-
Rechnung Haufe Service Center.scr.exe windows x86
de75a49608a6bdd400bdd20b6349d6e9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
Sleep
ExitProcess
GetModuleHandleW
GetProcAddress
LoadResource
SizeofResource
FindResourceA
FreeConsole
GetSystemDirectoryW
GetModuleHandleExW
FreeLibrary
GetLocaleInfoEx
VirtualQuery
LCIDToLocaleName
InterlockedFlushSList
InitializeSListHead
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetCurrentThreadId
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTickCount
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
CreateEventW
InitializeCriticalSectionAndSpinCount
SetLastError
DecodePointer
EncodePointer
MultiByteToWideChar
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
FormatMessageW
GetLastError
LoadLibraryExW
msvcrt
_Getmonths
_Gettnames
_Strftime
isspace
tolower
___lc_collate_cp_func
_callnewh
_initterm
_initterm_e
_set_fmode
__p___argc
__p___argv
__p__commode
_controlfp_s
strcpy_s
?terminate@@YAXXZ
_lock
___mb_cur_max_func
___lc_handle_func
wcstombs_s
_setmbcp
_getmbcp
_iob
iswctype
_isctype_l
strnlen
wcstol
strtol
_mbtowc_l
wctomb_s
__CppXcptFilter
__getmainargs
__wgetmainargs
_environ
_wenviron
_msize
_XcptFilter
__set_app_type
?_set_new_mode@@YAHH@Z
_isatty
_fileno
_CIlog10
ceil
_clearfp
wcsnlen
wcscpy_s
abort
_CIpow
ldexp
frexp
strcspn
strtod
_errno
realloc
__strncnt
ungetc
setvbuf
_fseeki64
fsetpos
fread
fgetpos
fgetc
fflush
fclose
malloc
islower
___lc_codepage_func
_wcsdup
isupper
__pctype_func
calloc
rand
free
strlen
_amsg_exit
?name@type_info@@QBEPBDXZ
_except_handler4_common
memcmp
memchr
__uncaught_exception
__CxxFrameHandler3
_CxxThrowException
memset
memmove
memcpy
_Getdays
_unlock
strchr
wcsrchr
strrchr
Sections
.text Size: 378KB - Virtual size: 378KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 62KB - Virtual size: 62KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.msvcjmc Size: 512B - Virtual size: 341B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.00cfg Size: 512B - Virtual size: 260B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 303KB - Virtual size: 302KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ