Static task
static1
Behavioral task
behavioral1
Sample
downer.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
downer.exe
Resource
win10v2004-20231222-en
General
-
Target
8694b6d080752a6f280e9e55ce57a82f
-
Size
6KB
-
MD5
8694b6d080752a6f280e9e55ce57a82f
-
SHA1
053e9de86db4f8a2bdba41e5cbcec0902080c4c7
-
SHA256
dce065a471868749ead7d6c8cb2961dd59cad4c92d0419e1e26d344938928d99
-
SHA512
3579a4b1dbd26f404542decd3e65da527340b1b980a4f1ea54f2403d13162a77647e6219142d439ce5d14203d3f7acaab74e66286a5307d5800095f71845c69e
-
SSDEEP
192:hrNo8yNzjAiHbGlj/agtMWn/RQFqV3qlBO:wTj7y/alU6BO
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/downer.exe
Files
-
8694b6d080752a6f280e9e55ce57a82f.zip
-
downer.exe.exe windows:4 windows x86 arch:x86
784d718cdccbfa2dd33cc06241e52880
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
_CIcos
_adj_fptan
__vbaFreeVar
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaVarForInit
__vbaObjSet
ord595
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
_adj_fpatan
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
ord608
__vbaFPException
__vbaVarCat
__vbaI2Var
_CIlog
__vbaErrorOverflow
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarDup
_CIatan
__vbaStrMove
_allmul
_CItan
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr
Sections
.text Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
downer.vbp
-
shuttyer.frm
-
shuttyer.frx