Static task
static1
General
-
Target
sakura_blade.zip
-
Size
15.9MB
-
MD5
65465ba7a8cd3cef735bb2ab1db510c9
-
SHA1
60f2f6762b67ba62f2da4b4b77ef21c0f05ef822
-
SHA256
887e615ee16889f084d13de3fd20481c87627ec530d318f4cdffdc85410069a6
-
SHA512
0ba58f1cc04b3709bff82bb120a071ffeb85e879e762d12ec35089a5fa795837d928b62a17cdf201369f331c1b56282a44a7414db1b88b64f174b6f4497014ca
-
SSDEEP
393216:SBNQtLjLRXX1xiWuiBhvZTjo/owrDdJL/tn1fJ7J3DYQ516ViTr:JtNHZuiL5jrwFLnh33l16ViP
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/sakura_blade/sakura_blade.exe
Files
-
sakura_blade.zip.zip
Password: Infected
-
sakura_blade/lib/jl1.0.1.jar.jar
-
sakura_blade/lib/json-20141113.jar.jar
-
sakura_blade/lib/json-20211205.jar.jar
-
sakura_blade/lib/sk_mine_aa_util.jar.jar
-
sakura_blade/readme_en.txt
-
sakura_blade/readme_ja.txt
-
sakura_blade/sakura_blade.exe.exe windows x86
Password: Infected
c6e51dda1622035b42b177c9afe67c30
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
advapi32
RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
kernel32
CloseHandle
CreateMutexA
CreateProcessA
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FindResourceExA
FormatMessageA
GetCommandLineA
GetCurrentDirectoryA
GetCurrentProcess
GetEnvironmentVariableA
GetExitCodeProcess
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GlobalMemoryStatusEx
InitializeCriticalSection
LeaveCriticalSection
LoadResource
LocalFree
LockResource
SetEnvironmentVariableA
SetLastError
SetUnhandledExceptionFilter
TlsGetValue
VirtualProtect
VirtualQuery
WaitForSingleObject
msvcrt
_strdup
_stricoll
__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_chdir
_close
_errno
_findclose
_findfirst
_findnext
_fullpath
_iob
_itoa
_onexit
_open
_read
_setmode
_stat64
_stricmp
abort
atexit
atoi
calloc
fclose
fopen
fprintf
fputs
free
fwrite
isspace
malloc
mbstowcs
memcpy
printf
puts
realloc
setlocale
signal
strcat
strchr
strcmp
strcoll
strcpy
strlen
strncat
strncpy
strpbrk
strrchr
strstr
strtok
tolower
vfprintf
wcstombs
shell32
ShellExecuteA
user32
CreateWindowExA
DispatchMessageA
EnumWindows
FindWindowExA
GetMessageA
GetSystemMetrics
GetWindowLongA
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
KillTimer
LoadImageA
MessageBoxA
PostQuitMessage
SendMessageA
SetForegroundWindow
SetTimer
SetWindowPos
ShowWindow
TranslateMessage
UpdateWindow
Sections
.text Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.eh_fram Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 35KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
sakura_blade/sakura_blade.jar.jar