�'{I�r*-���97����b�|+��2_�V$�Qڃx�t���㰰%�qr��E��&�$pa(L�E^答g0��gԴ7��M�``; �u��cF)�1�×����S�H��Te��Ųs �o�g.��@���~n>$`X��Ob��R��z9{�f_����J���ܙ �5}��p��b������I��4N�Sy�u��X��.b@�u��LlΥ��ci�����~���)(�d]��J_z �1�s����<���2��4�B��k1�T�Zl�p���^��zp�nl���a|>���zHy���p�~c��RT=�ܜO啀e9r��݂�X���1bGf�S�U����<�Y=��Y�5�Y�F�}��s�����V�^�[�s�~~S$ ���\ٯP��uL�ܨb���jI!�|��E�[8�j�^$p�Wc�)��5�Vr��4�tA�w@�����`��fI��i��2eX iu��*����Կ� t����o0�lRݧ�R�U���Io�=��_���ɗv�����0�8_��j+��6J�qy�p���80q���$�&��ב�A�MZ��dL�8��|��G�C �io[ۯ�^��d�t�M�~���x�{�Љ��M�g�+�}߫�r�$f��5��x7N���q?��pu�6[�ms�%�z��o��y�SVWR>#h���Ƃ�'�w�?#�U��<�-�:ɋ��~3���}����"�C�����> �f�qLd���qC�״a z�����`�m}ES�N�T� ���*�8R�̶,�'%G�&���KO�&��̻J��h3^��q���H<��Y��yt�5�'`GD�����w����29��4|�}<���ؗ�ޥq�T��0�O璻k�e~�Pz{���(1�ѬK�HӦ22��Z����Cz�V��Nl��L�W�f\v����z�����fI��X�g���.���豝�N��`j�lg5��!d����B��&'0�d�ƣܼ~7�C�!|G)��ܑ"��o�&��!��¨+���� n� [_��%/h鄸 ��<.�p�d�*�lMs�SOk���(�e�Tn�:��"ڎ׀L���O�x}V��d��A�К/\wD��˵C�UG9ްNV^����k�Y9��@��pe��c>�FK��� p*�����Qg�hrg<���)F��mf��1����7K�1EQנ��w��>�$W�Z�K����T`xmm@������N����1%���AV[��D��l���D�{��,�.[l-�Z��3@�E����Vt��D�=2g7r���<�ރ�ї�!�;�����AG_ao�C`ږ��3��ܬQ����ZUC��mӊ|a���qev-�&%��4*i0j���Vh��37��טdvO�I|�A|�a��HD���M��� Xl� �FV����:�,y�z&��'}����m�g�<�v!��97Z����'֏�rO7�2�o9�r�����ƪ��`��OVl�uz��8%�D�JR+�W��Az�WK�<�}��o"eN��VQ�,�0q�I�Ḥ�/�hBv��IXE��[9.�j98�9��Ʉ?���ߠ�Ux���u����fp����~��r��bI�d�Cd�rE�dr�VV��tr �Q��֔~y�^ϒ��xI[��~Tu�V$�W���Dp�ͳ���_���z��!b2�T��_�q���I�V��Dh�G��8n���O����*oF��IL�"���<����@VM�17!|��ҧx �xCTt�5t�H�b=�k-���@����~��������C_:4�$����%+�)a�E� ����P�՞^7GM�z�.����k�ⲁ�T���_n%^�͓H�nҹ�� ��`�UDqA�& ~W��y���=�����]�%i�?TMKd\&�j��� \+�x�������%tJF�͵~��O�Q�ʢ"@���O�Q�Jx�>H#!s��~�v������_�nnD���?�´o?ᨧT�#�a���B(������#*ڜ��6JE8ʊ]R��E���0N���]��x���+ׂ�Xr.��<w����������)��&62n$j+�4��=;r�O��W�)[x��6l˽"Z��u�.\^3���ݲR�� �n��8�*��Ը�g�ԕ��� �f���z�X���j�P���6�(���o��zb> �6��n?��H��l��|=~�#�qs�9/�RL���ǃ�������Y"�N�I_e]�1���9{�(��F�V�p�2�w:-ƍ-�����3�ǚ��X���Q��a�A�R��r����0g�[5L����-�>�9�5��o#OD2鸻ܜh�O<@��M�m˙�w-��e3���;�ie���Kެl]�[��S��"��w?3SjfY��21�����|p��D�q�SG��Zc���'6���uP��� NZ㕲���\t�K�u9s��5P��%��^��<7����l�z�bZ ���F�����&����]��4&݅t����?r����f�5c�,K��.n�w-�� Mdn�?s�1����X�Sd��ۄ��Z�����Q��;zɤ�.���Qwq.�h�g�"Ř����Z�կ�_ˑފ$�k�Cb�$ �˞�xr�$ 50�|��B������*N?����ȹj�c3�(��dy��V��"��PTƟ&wcl� �dO�?n>�&��T������p��iU��G���E�/��� ����X x;k��9�t����+0��O�J���f��N���U#h�[_ǔ �����zg^�í-�p��"��=�e]>�px�噲Z�K]R�*�P��5�T���/�Yw[��EEȐ��/S��{������r�5��i�·�i����nfkӲ{��SD����P19��%if��{�;���b�vT�ŭ���-�D�0���R��̏��~N9���đ�c���m�d�4����+`z&0&��������|�߸��%��$��������X����.��q 5^���}^�]�âPr�߿d��EƢ�$*Dcl)��FT��%��+Q"��������F�ݬ��l��S���딐߅�d&�2�������6��@0�V�gƊCH���L)w���`81�����C���bmܒ�~����s/�:��@z�������^^h���[[��N�,>��)j��M8�_���yI{p���=y�]f0m�����r��j`⍛=P��@������D �?E6�i)���� �ؼ,���bq��h�R�A�_��|u�H�|��p�d���� ���t�Dl�@����e�1�C��<Tnw7���|]���59����&�;����s{+�������R��L�:-���Q[1�חA��$Fx�~C��`����8�/��@�� ����,.� j�^��0䛃i��1R���K�v���R�� =�{���}>�1�Sd�&˘���0��m�xq���^����M �XT} �٣���7u3L���&dD� q ƽDՅ4� ��Z���d>j�*�YTa��.�W���A�i1D }GjC�'.��2BFSg�1�,, �Iq�Đ/̀a�Q��R\vA�&}B`�'���5c������d�t�����}��~T�F��)�������N��)*��A��\��b{�î��kh��4������{"U#�j���2x�a�ߝ�
Static task
static1
Behavioral task
behavioral1
Sample
CupFixer.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
CupFixer.exe
Resource
win10-20231023-en
Behavioral task
behavioral3
Sample
CupFixer.exe
Resource
win10v2004-20231023-en
General
-
Target
CupFixer.exe
-
Size
8.7MB
-
MD5
1f2ef76d1e445de858ded5a0b2834630
-
SHA1
03d0bdfbfc8069fc057e5c70a2a9d0e8a37c5576
-
SHA256
84be47f95a3422f33b93fa9549b916885ff113258f21c13aa2ffbab7aea5cfd4
-
SHA512
ffc92eadbb7469c86c6087bdb41a5767bd138ad76123b03acecf19e2a95cc4456e4ef39719dd2df45b365e1eac1c252b7a8254fb2db691674a26c68a57b58eda
-
SSDEEP
196608:XUJlpPbv3H6bESgmATk/Pesw3ixXnhoy42CHo9g8BmOxxZrYPBNFYIX:XUJPebpgmATkcIXKH2oo9g8IOxxW3e
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource CupFixer.exe
Files
-
CupFixer.exe.exe windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Exports
Exports
Sections
Size: 233KB - Virtual size: 564KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 38KB - Virtual size: 116KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 512B - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: - Virtual size: 80KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 77KB - Virtual size: 80KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 289KB - Virtual size: 37.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 8.0MB - Virtual size: 8.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE