Static task
static1
General
Target: Install_00200.exe
Size: 28.9MB
MD5: c234dbf3746772068c10c406c117e54e
SHA1: 9ea4cae74cc9634245afc6f1bd57cf07f8adff94
SHA256: e40cd7b26cdb50b2d0f8f9ae0c5159b3573ed681a3aa6d462c6cb5c99ae1df9d
SHA512: 32aeb30d6cad1563cd2bbc2291e3e70f6c9deb217e8f5b75655a4ad34129b9a76dc12584bda9f948ed3fd269d80b8ac68b04bab09a985ee2a2c0a0aa5ee84960
SSDEEP: 786432:JsvxyNYWFb5I7iYj1yxmofQZTib6fzfHwSN2MbSZNjt3KWAv6y:tXfQZ86fTHwSN2MbSZXKW9y
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Install_00200.exe
Files
Install_00200.exe.exe windows:6 windows x86 arch:x86
ef70c2df92ef50a37cdf6fca48861d24
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
AreFileApisANSI
GetConsoleCP
ReadConsoleW
GetModuleHandleW
ReleaseSRWLockExclusive
EnterCriticalSection
SetPriorityClass
lstrlenA
FindNextFileW
DuplicateHandle
FormatMessageA
PeekNamedPipe
GetDriveTypeW
CreateEventW
CreateThread
ExitProcess
SignalObjectAndWait
GetThreadPriority
ResetEvent
WriteFile
GetSystemInfo
MoveFileExW
InterlockedPopEntrySList
SystemTimeToTzSpecificLocalTime
IsProcessorFeaturePresent
VirtualProtect
InterlockedFlushSList
RegisterWaitForSingleObject
HeapFree
FreeLibraryAndExitThread
SetUnhandledExceptionFilter
TlsGetValue
TryEnterCriticalSection
GetSystemTimeAsFileTime
ReadFile
SetStdHandle
CreateFileW
SetFileAttributesW
SwitchToThread
GetStartupInfoW
EnumSystemLocalesW
FileTimeToSystemTime
QueryDepthSList
GetEnvironmentVariableA
SetLastError
LocalFree
CreateSemaphoreA
QueryPerformanceFrequency
DeleteCriticalSection
GetEnvironmentStringsW
GetProcAddress
LoadLibraryW
GetTimeFormatW
ExitThread
TlsAlloc
GetCurrentProcess
HeapReAlloc
GetOEMCP
LCMapStringW
GetSystemDirectoryW
IsDebuggerPresent
GetFileSize
GetLastError
GetFileAttributesA
FreeEnvironmentStringsW
InitializeSListHead
GetCommandLineA
SetEnvironmentVariableA
SetThreadPriority
lstrcatA
GetACP
LeaveCriticalSection
SetThreadAffinityMask
CreateDirectoryA
SetFileAttributesA
GetModuleHandleA
VirtualFree
WaitForMultipleObjects
HeapAlloc
UnregisterWaitEx
GetNumaHighestNodeNumber
WideCharToMultiByte
Sleep
InitializeCriticalSectionEx
RemoveDirectoryW
GetThreadTimes
GlobalLock
GetVersionExA
MultiByteToWideChar
VerSetConditionMask
GetModuleFileNameA
SetFileTime
IsValidLocale
UnhandledExceptionFilter
GlobalUnlock
FindFirstFileExA
GetModuleFileNameW
RtlUnwind
GetProcessAffinityMask
CreateDirectoryW
TlsFree
GetStdHandle
GetLogicalDriveStringsW
InitializeCriticalSection
GetDateFormatW
GetVersionExW
GetCommandLineW
GetFileSizeEx
GetTickCount64
WriteConsoleW
CreateTimerQueue
FindFirstFileA
SetEvent
RemoveDirectoryA
GetUserDefaultLCID
SetEndOfFile
IsValidCodePage
SetFilePointerEx
ReleaseSemaphore
GetModuleHandleExW
MoveFileA
ChangeTimerQueueTimer
VerifyVersionInfoW
GlobalAlloc
QueryPerformanceCounter
GetCurrentDirectoryW
GetConsoleMode
UnregisterWait
LoadLibraryExW
GetTimeZoneInformation
InterlockedPushEntrySList
GetFileAttributesExW
GetLogicalDriveStringsA
DeleteTimerQueueTimer
CompareStringW
GetCPInfo
DeleteFileA
GetVersion
AcquireSRWLockExclusive
FlushFileBuffers
GetStringTypeW
CreateFileA
GetCurrentThreadId
GetFullPathNameW
EncodePointer
TerminateProcess
DecodePointer
GlobalFree
GetFileType
FormatMessageW
WaitForSingleObject
SetFilePointer
GetLocaleInfoW
GetProcessHeap
CreateEventA
FileTimeToLocalFileTime
GetTickCount
FindFirstFileW
FreeLibrary
InitializeCriticalSectionAndSpinCount
CompareFileTime
MoveFileW
LoadLibraryA
CloseHandle
VirtualAlloc
GetLogicalProcessorInformation
DeleteFileW
GetFileAttributesW
GetFileInformationByHandle
HeapSize
TlsSetValue
GetCurrentProcessId
SleepEx
GlobalMemoryStatus
CreateTimerQueueTimer
WaitForSingleObjectEx
GetCurrentDirectoryA
FindNextFileA
GetCurrentThread
FindClose
RaiseException
user32
SetClipboardData
LoadCursorA
SetWindowLongA
SetWindowTextW
GetWindowTextLengthW
MoveWindow
CharUpperW
MessageBoxA
DialogBoxParamA
GetDlgItem
GetWindowLongA
SetTimer
SendMessageA
InvalidateRect
MapDialogRect
OpenClipboard
EmptyClipboard
IsDlgButtonChecked
SystemParametersInfoA
GetKeyState
DialogBoxParamW
GetWindowTextW
SetWindowTextA
ShowWindow
KillTimer
LoadIconA
CloseClipboard
GetFocus
LoadStringW
CharUpperA
EndDialog
ScreenToClient
LoadStringA
MessageBoxW
GetMonitorInfoA
CheckDlgButton
SetFocus
SetCursor
PostMessageA
GetWindowTextLengthA
GetWindowTextA
GetWindowRect
EnableWindow
MonitorFromWindow
wsprintfA
SendMessageW
GetParent
advapi32
CryptDestroyKey
CryptGetHashParam
CryptReleaseContext
CloseServiceHandle
CryptCreateHash
CryptEncrypt
CryptAcquireContextW
CryptHashData
CryptDestroyHash
CryptImportKey
shell32
SHGetFileInfoA
SHGetSpecialFolderPathW
SHGetPathFromIDListA
SHBrowseForFolderA
ole32
CoUninitialize
CoInitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
oleaut32
SysStringLen
SysFreeString
SysAllocStringLen
SysAllocString
VariantClear
bcrypt
BCryptGenRandom
crypt32
CertGetNameStringW
CryptStringToBinaryW
CertFreeCertificateChainEngine
CertGetCertificateChain
CryptDecodeObjectEx
CertOpenStore
CertFreeCertificateChain
CryptQueryObject
CertFreeCertificateContext
CertEnumCertificatesInStore
CertFindExtension
CertCloseStore
CertCreateCertificateChainEngine
PFXImportCertStore
CertFindCertificateInStore
CertAddCertificateContextToStore
wldap32
ord301
ord147
ord133
ord79
ord142
ord167
ord127
ord27
ord145
ord219
ord46
ord14
ord216
ord73
ord208
ord41
ord117
ord26
ws2_32
WSACreateEvent
WSAEventSelect
recvfrom
sendto
getpeername
ioctlsocket
gethostname
socket
getsockopt
send
WSACloseEvent
WSAEnumNetworkEvents
getaddrinfo
WSAIoctl
WSAWaitForMultipleEvents
WSAResetEvent
closesocket
WSAGetLastError
ntohs
WSASetLastError
WSAStartup
WSACleanup
htons
setsockopt
freeaddrinfo
__WSAFDIsSet
select
accept
bind
connect
getsockname
htonl
listen
recv
Sections
.text Size: 6.3MB - Virtual size: 6.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 238KB - Virtual size: 238KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 83KB - Virtual size: 82KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ