Static task
static1
General
Target
Ares.Injector.exe
Size
538KB
MD5
011c7376a720cc6ef7db5d2a5e6aa9b8
SHA1
8d7e7c800d3b8abc486362701f8ab19e11a39b50
SHA256
ccadd8627304032b864de7d353a1cd27e654b69ab0ed96d11ecb7df3f4de8c1b
SHA512
be38811eac2c22960d5c8ebaed1a383242dc77d2b9f4398a270742ca81517f8b0f2a1bbed896260a356b1639d669b875777a7e17bec41e6772f7b155fca59e3f
SSDEEP
6144:MnFtO7OcjW4RFOGACfRdazht5bBnQbCMTN8hxEDD66jVP2mTzH3NPAbwsMtuCchU:ajCFvKv5bZQe4d7OmTltuCEEpny
Malware Config (no configuration was extracted by this static task; absence of a decoded config does not imply absence of a C2 — see the network imports below)
Signatures
Unsigned PE (1 IoC)
The sample carries no Authenticode signature, so the publisher cannot be verified and the binary would not pass a signed-code-only allow-list; this is a weak indicator on its own and should be read together with the imports listed below.
resource Ares.Injector.exe
Files
-
Ares.Injector.exe.exe windows:6 windows x64
defa4e66dae78d48860d3c48816e12c3
Headers
DLL Characteristics (the flags below indicate ASLR with high-entropy 64-bit relocation and DEP/NX are enabled for this image)
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports (note for triage: kernel32 contributes the full remote-injection chain — CreateToolhelp32Snapshot/Process32FirstW/Process32NextW to locate a target, OpenProcess, VirtualAllocEx, WriteProcessMemory, CreateRemoteThread and Module32FirstW/Module32NextW — consistent with the "Injector" name; urlmon URLDownloadToFileW and the ws2_32 socket/connect/send/recv set give it download and raw TCP capability, and advapi32 RegCreateKeyExW/RegSetValueExW allow registry writes, so run the dynamic task with network and registry monitoring before classifying. The d3d11/imm32/user32 imports are consistent with a GUI front-end but do not establish intent either way.)
d3dcompiler_43
D3DCompile
d3d11
D3D11CreateDeviceAndSwapChain
kernel32
GlobalLock
WideCharToMultiByte
GlobalUnlock
WriteProcessMemory
GetModuleFileNameW
WaitForSingleObject
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
CloseHandle
LoadLibraryW
Module32FirstW
VirtualAllocEx
CreateRemoteThread
Module32NextW
VirtualFreeEx
GetModuleHandleW
InitializeSListHead
GetCurrentThreadId
GetCurrentProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetFileInformationByHandleEx
GetLastError
AreFileApisANSI
GetFileAttributesExW
GlobalAlloc
QueryPerformanceCounter
FreeLibrary
GetProcAddress
QueryPerformanceFrequency
LoadLibraryA
MultiByteToWideChar
FindFirstFileW
FindClose
CreateFileW
CreateDirectoryW
GetLocaleInfoEx
FormatMessageA
GlobalFree
GetSystemTimeAsFileTime
Sleep
LocalFree
user32
ShowWindow
RegisterClassExW
PostQuitMessage
UpdateWindow
GetWindowLongPtrW
UnregisterClassW
ScreenToClient
GetCapture
ClientToScreen
GetMessageExtraInfo
TrackMouseEvent
GetForegroundWindow
GetKeyState
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
CreateWindowExW
SetWindowLongPtrW
DestroyWindow
DefWindowProcW
OpenClipboard
TranslateMessage
PeekMessageW
DispatchMessageW
GetCursorPos
LoadCursorW
SetCursorPos
ReleaseCapture
IsWindowUnicode
SetCapture
GetClientRect
SetCursor
advapi32
RegSetValueExW
RegCreateKeyExW
RegCloseKey
ws2_32
WSAStartup
closesocket
WSACleanup
inet_addr
send
socket
htons
getsockopt
recv
connect
urlmon
URLDownloadToFileW
msvcp140
?_Xlength_error@std@@YAXPEBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?good@ios_base@std@@QEBA_NXZ
?_Xbad_function_call@std@@YAXXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?_Winerror_map@std@@YAHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Syserror_map@std@@YAPEBDH@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?uncaught_exceptions@std@@YAHXZ
imm32
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow
ImmSetCompositionWindow
vcruntime140_1
__CxxFrameHandler4
vcruntime140
memcpy
memcmp
memset
_CxxThrowException
memchr
__current_exception_context
__current_exception
__C_specific_handler
strstr
__std_terminate
__std_exception_copy
__std_exception_destroy
memmove
api-ms-win-crt-heap-l1-1-0
free
_set_new_mode
_callnewh
malloc
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_set_app_type
_seh_filter_exe
_cexit
_get_initial_narrow_environment
_initterm
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
exit
_invalid_parameter_noinfo_noreturn
terminate
_register_thread_local_exe_atexit_callback
_errno
_exit
__p___argc
_c_exit
__p___argv
api-ms-win-crt-stdio-l1-1-0
_set_fmode
__p__commode
ftell
_get_stream_buffer_pointers
_fseeki64
fsetpos
__acrt_iob_func
ungetc
setvbuf
fgetpos
fflush
fgetc
fputc
fseek
fclose
__stdio_common_vsscanf
fread
__stdio_common_vsprintf
_wfopen
fwrite
__stdio_common_vfprintf
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-string-l1-1-0
strcpy_s
strcat_s
strcmp
api-ms-win-crt-convert-l1-1-0
strtoll
strtod
strtoull
api-ms-win-crt-math-l1-1-0
cosf
_dclass
ceilf
acosf
sinf
_dsign
sqrtf
__setusermatherr
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
localeconv
___lc_codepage_func
api-ms-win-crt-filesystem-l1-1-0
_unlock_file
_lock_file
api-ms-win-crt-environment-l1-1-0
_dupenv_s
Sections
.text Size: 309KB - Virtual size: 308KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 209KB - Virtual size: 209KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 712B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ