Static task
static1
General
-
Target
Safe2(2).zip
-
Size
2.2MB
-
MD5
7e50084041b741aeaeba7642f2b91b5d
-
SHA1
fb44bb3283b45beb7a5e3359179a670b0e98299e
-
SHA256
6dca27f4cfaab1dfd4f7d08b8af683a2bd348961aed96a8aa351eac52841d9b5
-
SHA512
afb97f9884f4f23540399f22e4d4fa17f387e89eaa2e9de5103c6b199f274ccffbe299e51d763431634cff154582261b7f863b1e202654887cdf742cbea12f79
-
SSDEEP
49152:7ofq1QqtCKG25gTlq3tA1jRX/WvrO2PwwKwl1baVu9YdrG+S/MAV9H:0fSJCawlq3tQjRevieKwlhauQG+S/MC1
Malware Config
Signatures
-
Unsigned PE — 1 IoC
Checks for missing Authenticode signature.
resource unpack001/Test2/Test2.dll
Files
-
Safe2(2).zip (zip)
-
Test2/Test2.dll (dll, windows x86)
cfcf692f58c1fb911dc9e4c894c6a130
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GlobalUnlock
GlobalLock
lstrcpyA
VirtualProtect
GetProcAddress
GlobalFree
VirtualAlloc
VirtualFree
VirtualQuery
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
Sleep
GetCurrentProcess
GetCurrentThreadId
OpenThread
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
GetModuleHandleW
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetModuleFileNameA
FindClose
FindFirstFileA
FindNextFileA
GetFullPathNameA
CreateDirectoryW
GetVolumeInformationA
GetComputerNameA
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
QueryPerformanceFrequency
ResetEvent
SystemTimeToFileTime
InitializeCriticalSectionAndSpinCount
GetQueuedCompletionStatusEx
GetSystemTimeAsFileTime
FormatMessageW
CreateMutexA
QueryPerformanceCounter
FreeLibraryAndExitThread
CreateThread
GetFileAttributesA
CreateDirectoryA
MultiByteToWideChar
LoadLibraryA
WaitForSingleObjectEx
ReleaseMutex
GetCurrentThread
GetCurrentDirectoryW
EnterCriticalSection
WriteConsoleW
GetConsoleMode
GetStdHandle
GetEnvironmentVariableW
TlsAlloc
WaitForSingleObject
CancelIoEx
TryEnterCriticalSection
InitializeCriticalSection
TlsSetValue
SetFileCompletionNotificationModes
CreateIoCompletionPort
PostQueuedCompletionStatus
SetHandleInformation
DeleteCriticalSection
LeaveCriticalSection
SetLastError
TlsGetValue
SwitchToThread
GetProcessHeap
GlobalAlloc
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SetEvent
GetModuleHandleA
GetSystemTimePreciseAsFileTime
lstrlenW
GetModuleFileNameW
GetCurrentProcessId
WaitNamedPipeW
PeekNamedPipe
GetLastError
CloseHandle
WriteFile
ReadFile
CreateFileW
CreateEventW
user32
ScreenToClient
LoadCursorA
ClientToScreen
SetCapture
SetCursor
SetCursorPos
GetClientRect
GetForegroundWindow
ReleaseCapture
GetCapture
IsChild
CallWindowProcA
GetKeyState
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
FindWindowA
SetWindowLongA
GetCursorPos
advapi32
SystemFunction036
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey
shell32
SHGetFolderPathA
SHGetFolderPathW
ShellExecuteA
msvcp140
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?id@?$ctype@D@std@@2V0locale@2@A
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??Bios_base@std@@QBE_NXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?uncaught_exceptions@std@@YAHXZ
??7ios_base@std@@QBE_NXZ
?good@ios_base@std@@QBE_NXZ
?flags@ios_base@std@@QBEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?_Throw_Cpp_error@std@@YAXH@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
_Query_perf_counter
_Query_perf_frequency
_Cnd_broadcast
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?width@ios_base@std@@QAE_J_J@Z
?width@ios_base@std@@QBE_JXZ
?setf@ios_base@std@@QAEHHH@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?is@?$ctype@D@std@@QBE_NFD@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
_Thrd_detach
_Cnd_timedwait
_Cnd_destroy_in_situ
_Thrd_sleep
_Cnd_init_in_situ
_Mtx_current_owns
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Thrd_id
_Thrd_join
_Xtime_get_ticks
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
_Mtx_lock
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
d3dx9_42
D3DXCreateTextureFromFileInMemory
ntdll
RtlCaptureContext
crypt32
CertGetCertificateChain
CertAddCertificateContextToStore
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertEnumCertificatesInStore
CertOpenStore
CertFreeCertificateContext
CertCloseStore
CertDuplicateStore
CertDuplicateCertificateChain
CertDuplicateCertificateContext
secur32
ApplyControlToken
EncryptMessage
QueryContextAttributesW
FreeContextBuffer
AcceptSecurityContext
FreeCredentialsHandle
InitializeSecurityContextW
DecryptMessage
AcquireCredentialsHandleA
DeleteSecurityContext
ws2_32
setsockopt
bind
WSAGetLastError
WSARecv
getaddrinfo
closesocket
WSAGetOverlappedResult
shutdown
WSASocketW
WSASend
recv
WSAIoctl
getpeername
ioctlsocket
WSACleanup
WSAStartup
getsockopt
freeaddrinfo
winmm
PlaySoundA
imm32
ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext
xinput1_3
ord4
ord2
vcruntime140
_except_handler4_common
__std_type_info_destroy_list
memcpy
memmove
memset
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memchr
memcmp
strchr
_setjmp3
longjmp
strstr
_purecall
__CxxFrameHandler3
strrchr
api-ms-win-crt-runtime-l1-1-0
_invalid_parameter_noinfo_noreturn
_wassert
terminate
_cexit
_initterm
_beginthreadex
abort
_initterm_e
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
api-ms-win-crt-string-l1-1-0
strcpy
strncpy
strcpy_s
toupper
wcslen
strlen
_stricmp
strncmp
strcmp
strcat
api-ms-win-crt-heap-l1-1-0
_aligned_malloc
realloc
calloc
_callnewh
_aligned_free
malloc
free
api-ms-win-crt-math-l1-1-0
modf
_finite
_isnan
_dtest
cbrt
tan
log10
floor
exp
atan2
atan
asin
acos
_dsign
_dclass
log2
ceil
log
fmaxf
sin
trunc
cos
pow
fabs
fmod
sqrt
api-ms-win-crt-stdio-l1-1-0
fopen
__stdio_common_vsprintf_s
__acrt_iob_func
__stdio_common_vswprintf
ungetc
setvbuf
_fseeki64
fsetpos
fputc
fgetpos
fgetc
_get_stream_buffer_pointers
__stdio_common_vfprintf
__stdio_common_vsprintf
fwrite
ftell
fseek
fread
fflush
__stdio_common_vsscanf
_wfopen
fclose
api-ms-win-crt-time-l1-1-0
_ctime64
clock
_time64
api-ms-win-crt-utility-l1-1-0
srand
rand
qsort
api-ms-win-crt-convert-l1-1-0
atoi
strtol
atoll
atof
_itoa_s
strtoul
api-ms-win-crt-filesystem-l1-1-0
_lock_file
_unlock_file
remove
_wremove
api-ms-win-crt-locale-l1-1-0
localeconv
Sections
.text Size: 3.7MB - Virtual size: 3.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 916KB - Virtual size: 916KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 421KB - Virtual size: 679KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 126KB - Virtual size: 126KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ