Static task
static1
General
-
Target
SOSAInstall.exe
-
Size
595.3MB
-
MD5
d81955a9e15777f037a781e57e027cb9
-
SHA1
2f419acf024f4930cd30ff25fd164b4baa020597
-
SHA256
dd47c6a4071dcdda225fceedfa2f7d736744f2846842a0ce7618fa282b2026b8
-
SHA512
954d8cf92207a1080ecf66eee31d3a15be117f5834526869cbb8b0d839901b011120b36aba406bd1f46925c06e21f93aa264d2cd7132244e44c1cd200867cc89
-
SSDEEP
12582912:OqEDaIAl8NI+P/m1Ayh9UfhfbGu0d2TdXOsGdhP:qmIeCnm1Ayh92h6u/TlnqJ
Malware Config
Signatures
-
CustAttr .NET packer 1 IoCs
Detects CustAttr .NET packer in memory.
resource yara_rule sample CustAttr -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource SOSAInstall.exe
Files
-
SOSAInstall.exe.exe windows x86
b48671fed9d5ca4906417d42fcdb066b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetLastError
ResetEvent
CreateEventW
CloseHandle
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
LoadLibraryW
GetModuleFileNameW
FormatMessageW
LocalFree
GetWindowsDirectoryW
CreateFileW
SetFileTime
SetFileAttributesW
RemoveDirectoryW
CreateDirectoryW
GetFileInformationByHandle
DeleteFileW
GetShortPathNameW
GetFullPathNameW
lstrlenW
GetCurrentDirectoryW
GetTempFileNameW
FindClose
FindFirstFileW
FindNextFileW
GetFileSize
SetFilePointer
ReadFile
WriteFile
SetEndOfFile
DeleteCriticalSection
GetStdHandle
EnterCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
GetCurrentProcessId
InitializeCriticalSection
QueryPerformanceCounter
GetTickCount
Sleep
LocalAlloc
GetProcAddress
SetCurrentDirectoryW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
SetThreadUILanguage
SetThreadLocale
GetVersion
GetCommandLineW
CreateProcessW
GetExitCodeProcess
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
IsValidCodePage
GetOEMCP
RaiseException
GetACP
GetCPInfo
LoadLibraryA
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
WaitForSingleObject
SetEvent
GetVersionExW
VirtualAlloc
GetCurrentThreadId
VirtualFree
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
HeapFree
HeapAlloc
ExitThread
CreateThread
HeapReAlloc
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
GetModuleHandleW
ExitProcess
GetModuleFileNameA
TlsGetValue
user32
SetForegroundWindow
CharUpperW
GetWindowRect
DestroyWindow
RegisterWindowMessageW
AdjustWindowRect
LoadImageW
LoadIconW
KillTimer
SetTimer
EndDialog
IsDlgButtonChecked
SetDlgItemTextW
GetDlgItem
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
LoadStringW
DialogBoxParamW
CreateDialogParamW
SystemParametersInfoW
PeekMessageW
GetDesktopWindow
MessageBoxW
SendMessageW
GetWindowLongW
SetWindowLongW
ShowWindow
MoveWindow
PostMessageW
gdi32
GetObjectW
advapi32
RegSetValueExW
RegCreateKeyExW
RegCloseKey
shell32
SHGetFolderPathW
ShellExecuteExW
ole32
CoInitializeEx
CoInitialize
CoCreateInstance
oleaut32
SysAllocStringLen
SysFreeString
VariantClear
SysAllocString
Sections
.text Size: 193KB - Virtual size: 192KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 37KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 85KB - Virtual size: 85KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ