Static task
static1
Behavioral task
behavioral1
Sample
36bd481c4fa0c81766a46d47dc47bd538c2bbf91254092fe6f5cbea1d3bcb4d2.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
36bd481c4fa0c81766a46d47dc47bd538c2bbf91254092fe6f5cbea1d3bcb4d2.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20231215-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20231215-en
General
-
Target
36bd481c4fa0c81766a46d47dc47bd538c2bbf91254092fe6f5cbea1d3bcb4d2.exe
-
Size
1.1MB
-
MD5
dbac614bdf786dd5741aaab9ea8006d7
-
SHA1
4f49b045fe3b043d5f8541939ef66d611094b10d
-
SHA256
36bd481c4fa0c81766a46d47dc47bd538c2bbf91254092fe6f5cbea1d3bcb4d2
-
SHA512
966a2038cb16dead59f3b44379d8fb2bb35f5888b10c74cafb8a28b8e9a029b0a5ec0d3c7d17a5915351014c7307e3989efb17120781dccbf7815a00d5789526
-
SSDEEP
24576:KS5HuM8IqoMzMxDHEHsGhXwy54j3BjqgMQUWhypBR:f55XOHsG/54j3ZftUNBR
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/$PLUGINSDIR/System.dll
Files
-
36bd481c4fa0c81766a46d47dc47bd538c2bbf91254092fe6f5cbea1d3bcb4d2.exe.exe windows:4 windows x86 arch:x86
e2a592076b17ef8bfb48b7e03965a3fc
Code Sign
06:c3:56:25:df:69:94:62:e5:c6:a2:43:e4:23:c7:70:f0:57:74:46Certificate
IssuerCN=Aerobiosis,OU=Snyds Grnttrringens synsfelt\ ,O=Aerobiosis,L=Bogard,ST=Missouri,C=US,1.2.840.113549.1.9.1=#0c175769726564726177696e674049736f73746173792e5261Not Before27-02-2023 00:44Not After26-02-2026 00:44SubjectCN=Aerobiosis,OU=Snyds Grnttrringens synsfelt\ ,O=Aerobiosis,L=Bogard,ST=Missouri,C=US,1.2.840.113549.1.9.1=#0c175769726564726177696e674049736f73746173792e526106:c3:56:25:df:69:94:62:e5:c6:a2:43:e4:23:c7:70:f0:57:74:46Certificate
IssuerCN=Aerobiosis,OU=Snyds Grnttrringens synsfelt\ ,O=Aerobiosis,L=Bogard,ST=Missouri,C=US,1.2.840.113549.1.9.1=#0c175769726564726177696e674049736f73746173792e5261Not Before27-02-2023 00:44Not After26-02-2026 00:44SubjectCN=Aerobiosis,OU=Snyds Grnttrringens synsfelt\ ,O=Aerobiosis,L=Bogard,ST=Missouri,C=US,1.2.840.113549.1.9.1=#0c175769726564726177696e674049736f73746173792e52617b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate
IssuerCN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before12-01-2016 00:00Not After11-01-2031 23:59SubjectCN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate
IssuerCN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USNot Before23-12-2017 00:00Not After22-03-2029 23:59SubjectCN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
63:26:50:5e:2f:d3:90:bf:68:93:97:5f:96:39:8f:b2:1d:f0:17:1d:3e:7c:e2:d6:4f:9c:f9:a5:73:58:3e:15Signer
Actual PE Digest63:26:50:5e:2f:d3:90:bf:68:93:97:5f:96:39:8f:b2:1d:f0:17:1d:3e:7c:e2:d6:4f:9c:f9:a5:73:58:3e:15Digest Algorithmsha256PE Digest Matchestruedd:42:a2:dc:80:30:4f:8e:a1:13:77:00:e0:f8:3a:fb:aa:52:2a:f0Signer
Actual PE Digestdd:42:a2:dc:80:30:4f:8e:a1:13:77:00:e0:f8:3a:fb:aa:52:2a:f0Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetCurrentDirectoryW
GetFileAttributesW
GetFullPathNameW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
MoveFileW
SetFileAttributesW
GetCurrentProcess
ExitProcess
SetEnvironmentVariableW
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
GetVersion
SetErrorMode
lstrlenW
WaitForSingleObject
CopyFileW
CompareFileTime
GlobalLock
CreateThread
GetLastError
CreateDirectoryW
CreateProcessW
RemoveDirectoryW
lstrcmpiA
CreateFileW
GetTempFileNameW
WriteFile
lstrcpyA
lstrcpyW
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GlobalFree
GlobalAlloc
GetShortPathNameW
SearchPathW
lstrcmpiW
SetFileTime
CloseHandle
ExpandEnvironmentStringsW
lstrcmpW
GlobalUnlock
lstrcpynW
GetDiskFreeSpaceW
GetExitCodeProcess
FindFirstFileW
FindNextFileW
DeleteFileW
SetFilePointer
ReadFile
FindClose
MulDiv
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetPrivateProfileStringW
WritePrivateProfileStringW
FreeLibrary
LoadLibraryExW
GetModuleHandleW
user32
GetSystemMenu
SetClassLongW
IsWindowEnabled
EnableMenuItem
SetWindowPos
GetSysColor
GetWindowLongW
SetCursor
LoadCursorW
CheckDlgButton
GetMessagePos
LoadBitmapW
CallWindowProcW
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
wsprintfW
ScreenToClient
GetWindowRect
GetSystemMetrics
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharPrevW
CharNextA
wsprintfA
DispatchMessageW
PeekMessageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
LoadImageW
SetTimer
SetWindowTextW
PostQuitMessage
ShowWindow
GetDlgItem
IsWindow
SetWindowLongW
FindWindowExW
TrackPopupMenu
AppendMenuW
CreatePopupMenu
DrawTextW
EndPaint
CreateDialogParamW
SendMessageTimeoutW
SetForegroundWindow
gdi32
SelectObject
SetBkMode
CreateFontIndirectW
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor
shell32
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
advapi32
RegDeleteKeyW
SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyExW
RegEnumValueW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumKeyW
comctl32
ImageList_AddMasked
ord17
ImageList_Destroy
ImageList_Create
ole32
OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance
Sections
.text Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 128KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 344KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 410KB - Virtual size: 409KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/System.dll.dll windows:4 windows x86 arch:x86
fc0224e99e736751432961db63a41b76
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError
user32
wsprintfW
ole32
StringFromGUID2
CLSIDFromString
Exports
Exports
Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc
Sections
.text Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 851B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 120B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 610B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Brdrene96.bev
-
Brontolith.ref
-
Smaglst/Strue/undemocratisation/fodboldspils/Vragedes.str
-
Smaglst/Strue/undemocratisation/fodboldspils/bldgrerne.nav
-
Smaglst/Strue/undemocratisation/fodboldspils/dircaean.tra
-
exclaustration.att
-
fordringer.maa
-
leviticalism.vor
-
mauritius.chr
-
skruetvingernes.dan
-
soils.ext
-
viften.txt
-
zincide.rev