Behavioral task
behavioral1
Sample
4枚入/0e13d2de381a85a570059dcd64f32d6aaefaf31db33229690d86941ff95d69b0.exe
Resource
win7-20230621-en
Behavioral task
behavioral2
Sample
4枚入/0e13d2de381a85a570059dcd64f32d6aaefaf31db33229690d86941ff95d69b0.exe
Resource
win10v2004-20230621-en
Behavioral task
behavioral3
Sample
4枚入/6ca9ebb67831dd22738c141040a748f3ffb713d13fc84e2c59021c89a279e304.exe
Resource
win7-20230621-en
Behavioral task
behavioral4
Sample
4枚入/6ca9ebb67831dd22738c141040a748f3ffb713d13fc84e2c59021c89a279e304.exe
Resource
win10v2004-20230621-en
General
-
Target
4枚入.rar
-
Size
4.1MB
-
MD5
e907d6f1d4c19a9232332850e90d95f8
-
SHA1
ab32c3c3c84d601edc7b8ecd067cf38c573ece41
-
SHA256
eeb3e20cdc80b28d3b46781bd57293c87cb030f5ebb354d588085f252423ee16
-
SHA512
438aceebe8b7065ab83e963594b33535c890ce67f828d1f93189648f6a2a283a466d3350dccd075b0023158b098a2cc4a69d049395adfce1d24eae9597d962b3
-
SSDEEP
98304:uFZF0LU72WnR4qOZn+0XamCQI5o3wQZkE7lj:aEUSWR/O8FmCQ9j
Malware Config
Signatures
-
resource yara_rule static1/unpack001/4枚入/6ca9ebb67831dd22738c141040a748f3ffb713d13fc84e2c59021c89a279e304.exe vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/4枚入/0e13d2de381a85a570059dcd64f32d6aaefaf31db33229690d86941ff95d69b0.exe
Files
-
4枚入.rar.rar
-
4枚入/0e13d2de381a85a570059dcd64f32d6aaefaf31db33229690d86941ff95d69b0.exe.exe windows x86
4b40ce2d7fa12432b905b1dca7c1335b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mfc42
ord3079
ord4080
ord4622
ord4424
ord3738
ord815
ord561
ord825
ord641
ord693
ord810
ord686
ord2514
ord2621
ord1134
ord823
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord3825
ord4425
ord3597
ord324
ord4234
ord3398
ord3733
ord2582
ord6055
ord1776
ord4402
ord5290
ord3370
ord3640
ord2864
ord1146
ord1168
ord384
ord567
ord2302
ord6008
ord4000
ord2097
ord3996
ord537
ord2862
ord800
ord4160
ord540
ord2863
ord6215
ord4287
ord2379
ord755
ord470
ord6907
ord3998
ord3287
ord1200
ord922
ord924
ord926
ord3301
ord1576
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4627
ord4673
msvcrt
sscanf
_controlfp
_purecall
strstr
_CxxThrowException
_exit
_access
__dllonexit
_onexit
??1type_info@@UAE@XZ
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_setmbcp
__CxxFrameHandler
kernel32
SetFileAttributesA
Sleep
CreateProcessA
OutputDebugStringA
OpenEventA
GetCurrentThreadId
GetLastError
LoadLibraryA
GetFileAttributesExA
CreateDirectoryA
GetModuleFileNameA
SetLastError
GetCurrentProcessId
ReleaseMutex
GetTickCount
CreateFileA
DeleteFileA
GetTempPathA
WaitForSingleObject
ResetEvent
GetProcAddress
GetCommandLineA
GetModuleHandleA
GetStartupInfoA
CopyFileA
user32
EnableWindow
IsIconic
GetClientRect
DrawIcon
GetSystemMenu
AppendMenuA
SendMessageA
LoadIconA
GetCapture
PostThreadMessageA
GetDesktopWindow
GetFocus
GetForegroundWindow
GetSystemMetrics
msvcp60
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Tidy@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXXZ
?_Init@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXPBDIH@Z
??_7?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
??_7?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@
??1locale@std@@QAE@XZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??1ios_base@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?str@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??1?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??_8?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@7B?$basic_istream@DU?$char_traits@D@std@@@1@@
??_8?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@7B?$basic_ostream@DU?$char_traits@D@std@@@1@@
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??_7?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??1?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
ws2_32
WSACleanup
connect
gethostbyname
htons
Sections
.text Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Shared Size: 4KB - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 128KB - Virtual size: 124KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
4枚入/6ca9ebb67831dd22738c141040a748f3ffb713d13fc84e2c59021c89a279e304.exe.exe windows x86
cbb28a7c08387efb3c4b9ef70fdce57c
Code Sign
02:6e:6c:75:6c:a2:83:b7:46:6b:c7:ba:6b:e2:be:c9Certificate
IssuerCN=NVIDIA Corporation,ST=Hubei,C=China,1.2.840.113549.1.9.1=#1300Not Before27/11/2021, 05:19Not After31/12/2023, 16:00SubjectCN=NVIDIA Corporation,ST=Hubei,C=China,1.2.840.113549.1.9.1=#13000e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before01/08/2022, 00:00Not After09/11/2031, 23:59SubjectCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before23/03/2022, 00:00Not After22/03/2037, 23:59SubjectCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate
IssuerCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USNot Before21/09/2022, 00:00Not After21/11/2033, 23:59SubjectCN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
02:6e:6c:75:6c:a2:83:b7:46:6b:c7:ba:6b:e2:be:c9Certificate
IssuerCN=NVIDIA Corporation,ST=Hubei,C=China,1.2.840.113549.1.9.1=#1300Not Before27/11/2021, 05:19Not After31/12/2023, 16:00SubjectCN=NVIDIA Corporation,ST=Hubei,C=China,1.2.840.113549.1.9.1=#13000c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate
IssuerCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USNot Before21/09/2022, 00:00Not After21/11/2033, 23:59SubjectCN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before23/03/2022, 00:00Not After22/03/2037, 23:59SubjectCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before01/08/2022, 00:00Not After09/11/2031, 23:59SubjectCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
42:44:8a:3c:ed:a7:12:d4:0e:cb:bb:a8:51:56:d4:72:ec:4c:f0:9d:e8:e5:63:c6:d4:9b:0f:68:b5:b7:89:71Signer
Actual PE Digest42:44:8a:3c:ed:a7:12:d4:0e:cb:bb:a8:51:56:d4:72:ec:4c:f0:9d:e8:e5:63:c6:d4:9b:0f:68:b5:b7:89:71Digest Algorithmsha256PE Digest Matchestrue5b:fb:03:6a:ac:69:3d:38:1a:fd:df:b2:b2:dc:db:9a:7d:f5:61:80Signer
Actual PE Digest5b:fb:03:6a:ac:69:3d:38:1a:fd:df:b2:b2:dc:db:9a:7d:f5:61:80Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetVersionExA
HeapQueryInformation
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess
user32
GetClassInfoExA
gdi32
SelectPalette
oleaut32
VariantTimeToSystemTime
msimg32
TransparentBlt
comctl32
ImageList_Destroy
shlwapi
PathFindFileNameA
oledlg
ord8
gdiplus
GdipGetImageGraphicsContext
oleacc
CreateStdAccessibleObject
imm32
ImmReleaseContext
wininet
InternetWriteFile
winmm
PlaySoundA
winspool.drv
GetJobA
comdlg32
GetFileTitleA
advapi32
RegEnumKeyA
shell32
SHAppBarMessage
ole32
RegisterDragDrop
Sections
.text Size: - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 337KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 3.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp1 Size: 4.2MB - Virtual size: 4.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 268B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 190KB - Virtual size: 189KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ