Static task
static1
General
Target: Agentes de Red (Activador Antivirus).zip
Size: 75.2MB
MD5: 9f92a50fd2a24023226303bd616a9141
SHA1: f790f2bd53d7f5a21f8efa20bf273a52ddd2d55f
SHA256: bad60bd7f4083dd55ccd629f3d93ffb6127cf8e0de17d27da0dcada26839105b
SHA512: 6e0d311531485937248a6c77e2e3bba364a2c1d3f8d37c88141be0c036655e7f31bb7d677d3d51871257ae2d0700b8045a381ec9613be3904aec7a283f3de45a
SSDEEP: 1572864:iIDUjWKBVNwcCxO782kbAfbmG6uRxIDUjWKBVNwcCxO782kbAfbjGFz7fr:aVNwfxo8dbAyGtNVNwfxo8dbAvGFzTr
Malware Config
Signatures
Unsigned PE (2 IoCs)
Checks for missing Authenticode signature.
resource unpack001/Agentes de Red (Activador Antivirus)/ALTERNO, BOLIVAR y TV/installer.exe
resource unpack001/Agentes de Red (Activador Antivirus)/SEDE y 5 de FEB/installer.exe
Files
Agentes de Red (Activador Antivirus).zip.zip
Agentes de Red (Activador Antivirus)/ALTERNO, BOLIVAR y TV/installer.exe.exe windows:5 windows x86
MD5: d32544d99bbe79ab11dcaf8b11ee0cc1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetExitCodeProcess
TerminateProcess
WaitForMultipleObjects
SetInformationJobObject
GetCurrentProcess
CreateJobObjectW
GetCurrentThread
GetSystemDirectoryW
IsProcessInJob
AssignProcessToJobObject
QueryInformationJobObject
ResumeThread
MoveFileExW
WideCharToMultiByte
GetTickCount
GetSystemTimeAsFileTime
FindFirstFileW
FindClose
SetFileAttributesA
FindNextFileW
FileTimeToLocalFileTime
GetFileInformationByHandle
InterlockedIncrement
InterlockedDecrement
CreateFileA
GetFileSize
MapViewOfFile
UnmapViewOfFile
WriteFile
ReadFile
GetFileType
CreateFileMappingW
GetSystemInfo
GetLocaleInfoA
GetStringTypeA
GetCPInfo
InitializeCriticalSection
GetLocaleInfoW
GetVersionExW
LeaveCriticalSection
CompareStringW
LCMapStringA
EnumSystemLocalesA
EnterCriticalSection
GetStringTypeW
CompareStringA
DeleteCriticalSection
LCMapStringW
Sleep
InterlockedExchange
GetSystemDefaultLangID
GetEnvironmentStringsW
SetEvent
GetSystemDefaultLCID
GetACP
RaiseException
FreeEnvironmentStringsW
GetVersion
CreateDirectoryW
CopyFileW
FileTimeToSystemTime
FlushFileBuffers
RemoveDirectoryW
DeleteFileW
QueryPerformanceCounter
QueryPerformanceFrequency
GetThreadTimes
CreateMutexW
OpenProcess
GetCurrentDirectoryW
FindResourceW
LoadResource
FreeLibrary
LockResource
RemoveVectoredExceptionHandler
SetUnhandledExceptionFilter
GetProcessHeap
AddVectoredExceptionHandler
SetConsoleCtrlHandler
ReleaseSemaphore
CreateSemaphoreW
GetCurrentThreadId
GetCurrentProcessId
GetComputerNameExW
HeapAlloc
HeapFree
VirtualFree
HeapDestroy
HeapCreate
VirtualAlloc
HeapWalk
SetHandleInformation
FormatMessageA
GetSystemDirectoryA
SetLastError
LoadLibraryA
GetStartupInfoW
GlobalMemoryStatusEx
IsDebuggerPresent
Module32FirstW
CreateToolhelp32Snapshot
Module32NextW
LocalAlloc
SleepEx
PeekNamedPipe
GetStdHandle
VerSetConditionMask
VerifyVersionInfoA
GetModuleHandleA
GetOEMCP
IsValidCodePage
GetFullPathNameW
GetFileAttributesA
CreateProcessA
DuplicateHandle
CreatePipe
SearchPathA
SetConsoleMode
ReadConsoleInputA
WaitForSingleObject
CreateProcessW
SetEndOfFile
SetFilePointer
SetFileAttributesW
FlushConsoleInputBuffer
GlobalMemoryStatus
GetSystemTime
SystemTimeToFileTime
SetEnvironmentVariableA
GetCurrentDirectoryA
GetFullPathNameA
GetTimeZoneInformation
IsValidLocale
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
RtlUnwind
HeapSize
InitializeCriticalSectionAndSpinCount
GetModuleFileNameA
TlsFree
CreateFileW
ReleaseMutex
GetFileAttributesW
TlsSetValue
TlsAlloc
TlsGetValue
FindFirstFileA
GetDriveTypeA
GetDateFormatA
GetTimeFormatA
ExitThread
UnhandledExceptionFilter
GetStartupInfoA
ExpandEnvironmentStringsW
CreateThread
CloseHandle
CreateEventW
GetProcAddress
GetLastError
GetPrivateProfileIntW
GetTempPathW
WritePrivateProfileStringW
lstrlenW
MultiByteToWideChar
GetModuleFileNameW
FormatMessageW
LoadLibraryW
GetPrivateProfileStringW
GetModuleHandleW
OutputDebugStringW
LoadLibraryExW
GetCommandLineW
SetFileApisToANSI
SetErrorMode
SetHandleCount
HeapReAlloc
GetConsoleMode
InterlockedCompareExchange
GetUserDefaultLCID
GetStringTypeExW
ExitProcess
SetStdHandle
GetConsoleCP
user32
PeekMessageW
MessageBoxW
DispatchMessageW
SetWindowTextW
MsgWaitForMultipleObjects
EnableWindow
SendMessageW
SetDlgItemTextW
WaitForInputIdle
MessageBoxA
CharUpperBuffW
CharLowerBuffW
DialogBoxParamW
EndDialog
GetSysColor
DestroyWindow
GetWindowRect
PostQuitMessage
LoadIconW
InvalidateRect
GetDlgItem
SetWindowPos
ShowWindow
CreateDialogParamW
GetSystemMetrics
LoadStringW
GetUserObjectInformationW
GetProcessWindowStation
gdi32
CreateSolidBrush
SetBkColor
crypt32
CertVerifyTimeValidity
CryptMsgOpenToDecode
CryptMsgGetParam
CryptVerifyCertificateSignature
CryptMsgUpdate
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptDecodeObjectEx
CertOpenStore
CryptQueryObject
CryptDecodeObject
CertGetIssuerCertificateFromStore
CryptMsgClose
Sections
.text Size: 2.4MB - Virtual size: 2.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 587KB - Virtual size: 587KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 76KB - Virtual size: 111KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.trc Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
STLPORT_ Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 166KB - Virtual size: 165KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Agentes de Red (Activador Antivirus)/SEDE y 5 de FEB/installer.exe.exe windows:5 windows x86
MD5: d32544d99bbe79ab11dcaf8b11ee0cc1
Headers, Imports and Sections: identical to the ALTERNO, BOLIVAR y TV/installer.exe entry above (same MD5, so the same PE headers, import table and section layout).
checksums.txt