Static task
static1
General
Target: penis.exe
Size: 576KB
MD5: b773715d3d139804d8b39404ff848bb5
SHA1: 8f6abc1e51471afe49cd30c6d5913acf8d64fbb3
SHA256: af8987bd09ac5577b9ecf557ba0563262d658769134febac44ccef3bb44b3067
SHA512: 552c484ed4731479338b3f1577ae2a5d333bed235a55268af7ae83d1abfdfa3dec436f6c92e8435a428dbaef3af975f6bb67317b1f85f50dd1678d6c631718a1
SSDEEP: 12288:PKBVw4DNtXGs6R97em3yT7DHs/pZe4Y+pH391HL:mG4DNtXb6RIT7DHs/phYqH3nr
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: penis.exe
Files
penis.exe.exe windows:6 windows x64 arch:x64
389500d4d890632c3ed5090e60866efb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
shell32
CommandLineToArgvW
kernel32
IsProcessorFeaturePresent
HeapSize
GetCommandLineW
WideCharToMultiByte
LocalFree
FlushFileBuffers
GetLastError
IsDebuggerPresent
GetConsoleScreenBufferInfo
LoadLibraryW
GetProcAddress
FreeLibrary
GetConsoleOutputCP
WriteFile
MultiByteToWideChar
InitializeCriticalSection
QueryPerformanceFrequency
GetCurrentThreadId
GetCurrentThread
GetCurrentProcess
DuplicateHandle
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SwitchToThread
Sleep
GetStdHandle
CloseHandle
ResumeThread
WaitForSingleObject
GetExitCodeThread
LoadLibraryA
FormatMessageW
GetCurrentProcessId
VirtualAlloc
VirtualFree
TryEnterCriticalSection
GetEnvironmentVariableA
RtlCaptureContext
QueryPerformanceCounter
GetSystemInfo
SetEvent
GlobalMemoryStatusEx
CreateEventW
OpenThread
TerminateThread
SuspendThread
GetThreadContext
GetModuleHandleExW
VerSetConditionMask
VerifyVersionInfoW
FreeLibraryAndExitThread
GetSystemTimeAsFileTime
InitializeSListHead
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
GetProcessHeap
RtlUnwindEx
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
SetStdHandle
GetFileType
ReadFile
GetModuleFileNameW
WriteConsoleW
ExitProcess
TerminateProcess
CreateFileW
SetFilePointerEx
CreateThread
ExitThread
GetCommandLineA
GetFileSizeEx
GetConsoleMode
HeapAlloc
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
ReadConsoleW
HeapReAlloc
SetEndOfFile
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetStringTypeW
Sections
.text Size: 406KB - Virtual size: 406KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 58KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 78KB - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
._deh Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.minfo Size: 512B - Virtual size: 264B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tp Size: 512B - Virtual size: 148B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.dp Size: 512B - Virtual size: 472B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 500B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ