Static task
static1
General
-
Target
claracheat.exe
-
Size
4.4MB
-
MD5
c1e41b20bcdca3c9882031cf6fede44f
-
SHA1
1b7a739335a4b01557cc5e00892eb5d928871f8a
-
SHA256
fcb83ff8e9a2e3d3c23f9cac7213e039f98933672042605c4497a87c58201a66
-
SHA512
286d07168a69f84982e479c71276cbff142b016377ad5edb49e0e40806c99ed41882e7ff4a05551f123c0720fbb9abdc5fed156bf56430f4475089ba9555278a
-
SSDEEP
98304:ZNAgo+KW3Dqvv5KkORurziLlXnBH8F9YeguJ8rnMXi4x:ZvoQWR0urynBHgbUI9
Malware Config
Signatures
-
Unsigned PE 1 IoCs
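Checks for a missing Authenticode signature: the PE carries no signature, so its publisher and integrity cannot be verified that way. On its own this is a weak indicator, since many legitimate binaries are also unsigned.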
resource claracheat.exe
Files
-
claracheat.exe.exe windows:6 windows x64 arch:x64
Password: 123
117bed0697417dbaf784bc1bbf151a76
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
normaliz
IdnToAscii
ws2_32
WSAGetLastError
wldap32
ord79
crypt32
CertFreeCertificateChain
advapi32
CryptAcquireContextA
kernel32
WideCharToMultiByte
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
MessageBoxA
shell32
ShellExecuteA
msvcp140
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
wininet
InternetReadFile
ntdll
RtlLookupFunctionEntry
dbghelp
ImageNtHeader
rpcrt4
RpcStringFreeA
psapi
GetModuleInformation
userenv
UnloadUserProfile
vcruntime140_1
__CxxFrameHandler4
vcruntime140
_CxxThrowException
api-ms-win-crt-stdio-l1-1-0
fwrite
api-ms-win-crt-heap-l1-1-0
realloc
api-ms-win-crt-runtime-l1-1-0
_invalid_parameter_noinfo_noreturn
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-filesystem-l1-1-0
rename
api-ms-win-crt-string-l1-1-0
strcat_s
api-ms-win-crt-convert-l1-1-0
strtol
api-ms-win-crt-time-l1-1-0
_time64
api-ms-win-crt-environment-l1-1-0
_dupenv_s
api-ms-win-crt-math-l1-1-0
_dclass
api-ms-win-crt-locale-l1-1-0
___lc_codepage_func
Sections
.text Size: - Virtual size: 538KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 262KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.CRACKED Size: - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.CRACKED Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Cwubs Size: - Virtual size: 252B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
(no section name shown) Size: - Virtual size: 5KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRACKED Size: - Virtual size: 2.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.CRACKED Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRACKED Size: 4.4MB - Virtual size: 4.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 80B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ