Behavioral task
behavioral1
Sample
Inventor.2010.KeyGen/x64/adesk_patcher64.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
Inventor.2010.KeyGen/x64/adesk_patcher64.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral3
Sample
Inventor.2010.KeyGen/x64/xf-a2010.exe
Resource
win7-20231215-en
Behavioral task
behavioral4
Sample
Inventor.2010.KeyGen/x64/xf-a2010.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral5
Sample
Inventor.2010.KeyGen/x86/xf-a2010.exe
Resource
win7-20231215-en
Behavioral task
behavioral6
Sample
Inventor.2010.KeyGen/x86/xf-a2010.exe
Resource
win10v2004-20231222-en
General
-
Target
767ebe5cc6f8826f5cd9974adb8025c8
-
Size
152KB
-
MD5
767ebe5cc6f8826f5cd9974adb8025c8
-
SHA1
6e726609407d80058a5384237f423c3b098d0e79
-
SHA256
749ff489ca62a4b49088eb7f68101e93cf654cb75c079370191a5db9e618794b
-
SHA512
20d0924938b2d915abe17ded569087ea1d7f93afec9a1856a01b84ade8491ad03989dc3c9699c8e60ba669447cdb29fecc649f395b2efb94d0b0ad11a9cc616b
-
SSDEEP
3072:orjYBZhVeIkTUauDdQS5HiPYBi3ZbBzObZvrYgfGBVdDQjbhysBtQ4w:oQpQIkUa+d5MwB6bBzKZvuV5AhysC
Malware Config
Signatures
-
resource yara_rule static1/unpack001/Inventor.2010.KeyGen/x64/xf-a2010.exe upx static1/unpack001/Inventor.2010.KeyGen/x86/xf-a2010.exe upx -
Unsigned PE 3 IoCs
Checks for missing Authenticode signature.
resource unpack001/Inventor.2010.KeyGen/x64/adesk_patcher64.exe unpack001/Inventor.2010.KeyGen/x64/xf-a2010.exe unpack001/Inventor.2010.KeyGen/x86/xf-a2010.exe
Files
-
767ebe5cc6f8826f5cd9974adb8025c8.rar
-
Inventor.2010.KeyGen/Readme.txt
-
Inventor.2010.KeyGen/x64/adesk_patcher64.exe.exe windows:5 windows x64 arch:x64
fb8706e67d7f3dea20d802431aaa552c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
Module32Next
lstrcmpA
Module32First
CreateToolhelp32Snapshot
OpenProcess
Process32First
GetLastError
GetCurrentThread
ExitProcess
ReadProcessMemory
CloseHandle
WriteProcessMemory
Process32Next
FlushInstructionCache
advapi32
ImpersonateSelf
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenThreadToken
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 906B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 74B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 72B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Inventor.2010.KeyGen/x64/xf-a2010.exe.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 216KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 73KB - Virtual size: 76KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
Inventor.2010.KeyGen/x86/xf-a2010.exe.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 212KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 72KB - Virtual size: 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE