Resubmissions
05-11-2023 08:35
231105-kg29radc6s 3Static task
static1
General
Target
Installer.exe
Size
1.7MB
MD5
ee8a6ae10d83921cc852826e2770d65f
SHA1
d9bb0f543a0c1b4709838bc7700c40d74f3393c7
SHA256
cfe345c1fe72de6a95a6a300534cb76fd750c266921f2b89894ab8775fa69be6
SHA512
5ce340aa0d25ea8be6f44e1be6596f9725b67e2ad3b248a7c8cc14cf9413718b7f2046e88bc5155013160c6b25f63c8969e9ee7afaaf2346be7e682b703871f2
SSDEEP
24576:No9Hgj4uNl0HbNVCNkIG67E94uOaznnyBe8fY/il91243anETxhV0ReUKe:yHe4uNl0HbN4NkI7lPBe8A/Y1KnETMK
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Installer.exe
Files
Installer.exe.exe windows:6 windows x64
374a66de5b90d4d4953596426fa5883f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
d3d11
D3D11CreateDeviceAndSwapChain
ws2_32
accept
gethostname
ioctlsocket
htonl
freeaddrinfo
getaddrinfo
sendto
recvfrom
listen
ntohl
WSACleanup
WSAStartup
inet_pton
WSAIoctl
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
WSASetLastError
select
__WSAFDIsSet
WSAGetLastError
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
socket
send
recv
closesocket
crypt32
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFindCertificateInStore
CertFreeCertificateContext
PFXImportCertStore
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
CryptStringToBinaryA
advapi32
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptAcquireContextA
kernel32
TlsSetValue
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
CreateThread
ExitThread
FreeLibraryAndExitThread
WriteFile
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
HeapFree
HeapAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
OutputDebugStringW
WaitForSingleObject
GetExitCodeProcess
CreateProcessW
HeapReAlloc
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
VerSetConditionMask
QueryPerformanceCounter
QueryPerformanceFrequency
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryA
SetStdHandle
ExitProcess
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
Sleep
SleepEx
GetSystemDirectoryA
GetLastError
GetEnvironmentVariableA
SetLastError
FormatMessageW
MoveFileExA
TlsFree
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
CloseHandle
WaitForSingleObjectEx
VerifyVersionInfoW
CreateFileA
GetFileSizeEx
TlsGetValue
TlsAlloc
RtlUnwindEx
RaiseException
RtlPcToFileHeader
InitializeSListHead
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetStringTypeW
GetSystemTimeAsFileTime
RtlUnwind
GetTimeZoneInformation
IsValidCodePage
LoadLibraryExW
DeleteFileW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
GetStdHandle
GetDriveTypeW
HeapSize
GetModuleHandleW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
LocalFree
FormatMessageA
GetCurrentDirectoryW
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
SetEndOfFile
SetFileInformationByHandle
SetFilePointerEx
AreFileApisANSI
GetFileInformationByHandleEx
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
GetCurrentThreadId
EncodePointer
DecodePointer
LCMapStringEx
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetACP
user32
MessageBoxA
GetWindowRect
UpdateWindow
GetSystemMetrics
SetWindowPos
SetLayeredWindowAttributes
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassExW
UnregisterClassW
PostQuitMessage
DefWindowProcW
PeekMessageW
DispatchMessageW
TranslateMessage
LoadCursorW
ScreenToClient
ClientToScreen
GetCursorPos
SetCursor
SetCursorPos
GetClientRect
GetForegroundWindow
IsWindowUnicode
ReleaseCapture
SetCapture
GetCapture
GetKeyState
GetMessageExtraInfo
TrackMouseEvent
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
ole32
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitializeEx
imm32
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow
ImmSetCandidateWindow
d3dcompiler_47
D3DCompile
Sections
.text Size: 937KB - Virtual size: 936KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 268KB - Virtual size: 267KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 488KB - Virtual size: 495KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 43KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 244B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ