Static task
static1
General
-
Target
rogue.exe
-
Size
52KB
-
MD5
c7f4970e722c82e213d8293b306fb477
-
SHA1
851926b464cd8eff3e7130e89010a056440ad485
-
SHA256
f12d1d1ef5e066ba39ab50488a9eb9b024f183676987ed43b1ca98e8565e6896
-
SHA512
961f5339831cd6740ae6a19eb29d23ea1169b930f8fda245f0f2815a2cfc9ef532a3b3310cdfeae3d9be78570cb9d320eb790f2e6f138a37b3d54347b1775b32
-
SSDEEP
768:j21WwMwq3YQnGFrBP0BS7/UscCiAPDf6Y6IANICdZGHMxyQm2I4bK3DuhUu:jiLmSri+/UJCiM4IANIJMpml4R
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource rogue.exe
Files
-
rogue.exe.exe windows:6 windows x64 arch:x64
46435c2b01a597f757c1fe9210753d69
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
GetModuleHandleA
GetProcAddress
credui
CredUnPackAuthenticationBufferW
user32
SetTimer
advapi32
OpenProcessToken
shell32
Shell_NotifyIconW
ole32
CoTaskMemFree
msvcp140
??1_Lockit@std@@QEAA@XZ
wininet
InternetOpenW
urlmon
URLDownloadToFileW
vcruntime140_1
__CxxFrameHandler4
vcruntime140
memset
api-ms-win-crt-runtime-l1-1-0
exit
api-ms-win-crt-stdio-l1-1-0
fgetc
api-ms-win-crt-heap-l1-1-0
free
api-ms-win-crt-string-l1-1-0
wcsncpy
api-ms-win-crt-filesystem-l1-1-0
_lock_file
api-ms-win-crt-locale-l1-1-0
___lc_codepage_func
api-ms-win-crt-math-l1-1-0
__setusermatherr
Sections
.MPRESS1 Size: 46KB - Virtual size: 244KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.MPRESS2 Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 472B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE