Static task: static1
Behavioral task: behavioral1
Sample: cRARk.exe
Resource: win10v2004-20220812-en
General
Target: cRARk.exe
Size: 779KB
MD5: 9527824848f0b5d6242a70951ae31961
SHA1: 50329a6fd43427c9b6b4e3aecf53257d623fb7a5
SHA256: aad04bee9b924e5da72abd4b07817638ee2419620f1d064e3f3c3e38931e656b
SHA512: 748733b83c970b99381ac5225c17c54622e4b3d74a2326e6ebfa03799d36ae4964198f3b1633bb675f5d18a34e75a2b69383b10eaa05bf03fcd0c49ee1165dcc
SSDEEP: 12288:/RJ53kaAk6HZN6sdregWB/fpakU9dhwqqnSCFCOjPWeXqen:pJ53kG6msd6j/fIk2sqqSC8OjPWe
Malware Config
Signatures
Files
cRARk.exe.exe windows x64
Password: infected
14e33e834a365d46d6184727739c6ee0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
SetPriorityClass
Sleep
SetLastError
GetLastError
FormatMessageW
LocalFree
SetConsoleCtrlHandler
GetCurrentDirectoryW
GetLongPathNameW
GetShortPathNameW
MoveFileW
CloseHandle
CreateFileW
FlushFileBuffers
SetFilePointer
ReadFile
SetEndOfFile
CreateDirectoryW
GetFileAttributesW
SetFileAttributesW
GetDriveTypeW
GetDiskFreeSpaceExW
DeleteFileW
FindClose
FindNextFileW
FindFirstFileW
GetPriorityClass
GetCurrentProcessId
LoadLibraryW
GetProcAddress
FreeLibrary
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetSystemTime
WideCharToMultiByte
MultiByteToWideChar
CompareStringW
GetCPInfo
IsDBCSLeadByte
RtlVirtualUnwind
LCMapStringW
OutputDebugStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetEnvironmentVariableA
GetCurrentProcess
SetErrorMode
GetFileType
ReadConsoleW
GetConsoleMode
WriteConsoleW
WriteFile
GetModuleFileNameW
GetStdHandle
GetModuleFileNameA
SetStdHandle
SetFilePointerEx
HeapSize
RaiseException
LoadLibraryExA
HeapFree
RtlLookupFunctionEntry
RtlUnwindEx
HeapReAlloc
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
AreFileApisANSI
RtlPcToFileHeader
HeapAlloc
GetTimeZoneInformation
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
GetProcessHeap
GetCurrentThreadId
GetStringTypeW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetConsoleCP
RtlCaptureContext
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
user32
CharUpperW
CharLowerW
ExitWindowsEx
OemToCharBuffA
CharToOemBuffW
CharToOemBuffA
CharToOemA
MessageBeep
advapi32
LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges
Sections
.text Size: 633KB - Virtual size: 632KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 79KB - Virtual size: 79KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 15KB - Virtual size: 979KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data1 Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_DATA1 Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ