Static task
static1
Behavioral task
behavioral1
Sample
专项查杀工具-信息中心20230831.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
专项查杀工具-信息中心20230831.exe
Resource
win10v2004-20230831-en
General
-
Target
voreo3q0.rar
-
Size
72KB
-
MD5
4a7eaa36cd73d4a8a9730d1b596bd91c
-
SHA1
ae262e29a3f460f824a2efc4fa5cb2fc6b76ebf4
-
SHA256
b0396539650785973229406221a7ed305a9083a82b245c887ffdab721f889ac8
-
SHA512
f0c8e626303c4bd46ded34cebbb1ea722e007044faf8fd6b11065bcb053b4a693034dc9d65379a981881db5e6088dd39b21f993c5596aeaccdaa8e00203443dd
-
SSDEEP
1536:9b4qsB2jo+pp4v8of4rKtOToH3P80JMyXDG2P0c73EgFH:V7o0pEgreFXUkzG28U3Egx
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/专项查杀工具-信息中心20230831.exe
Files
-
voreo3q0.rar.rar
Password: infected
-
config.txt
-
专项查杀工具-信息中心20230831.exe.exe windows x64
Password: infected
d65b3d4a77ad8df9e539c5557a7bd382
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
VirtualAlloc
VirtualFree
WriteConsoleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
GetFileType
CloseHandle
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
GetProcessHeap
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
CreateFileW
HeapSize
HeapReAlloc
ReadFile
ReadConsoleW
SetEndOfFile
Sections
.text Size: 98KB - Virtual size: 98KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ