Static task
static1
General
Target: Sandisk.exe
Size: 6.4MB
MD5: 641371ace4ebeec61132d7c4c1c2fb1d
SHA1: df01a6db115d9fd8b7a668b1cd0792c1b59e74d9
SHA256: 55c062b638cf779fc7af500c329d986eee6bedb8699733047b9d1bd7ac6cf583
SHA512: 63ba325bca4e5872eaa5b685e01b189995edbe0ade352832eb6318a8217dd0e7a8b6d6112d5667a580a03b94decfb4401fae4cd21766eed5b5a520c4877fab3c
SSDEEP: 49152:aNFTuGJRa6Q+SvTSMD8P4xOH/WZc52/QXUXH+AJymcB6kschRW6Leh1ZNLl46GWi:QU1xU4/cYkXXc/hYE0T80oZLaSi
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource Sandisk.exe
Files
Sandisk.exe.exe windows:6 windows x64 arch:x64
3d4b2799daab827f8c86cee328094309
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
HeapFree
FindClose
GetConsoleWindow
MoveFileExW
CloseHandle
IsDebuggerPresent
OpenProcess
GetLastError
GetCommandLineW
GetVersionExW
GetComputerNameExW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AddVectoredExceptionHandler
SetThreadStackGuarantee
HeapAlloc
GetProcessHeap
HeapReAlloc
TryAcquireSRWLockExclusive
Sleep
GlobalLock
GlobalSize
WideCharToMultiByte
MultiByteToWideChar
GlobalAlloc
RemoveDirectoryW
DeleteFileW
SetFileAttributesW
GetStdHandle
GetConsoleMode
SetConsoleMode
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetTickCount64
GetLogicalDrives
GlobalFree
GlobalUnlock
lstrlenW
LoadLibraryA
GetProcAddress
CreateFileW
GetModuleFileNameW
SetFileInformationByHandle
SwitchToThread
SetLastError
GetFinalPathNameByHandleW
GetQueuedCompletionStatusEx
CreateIoCompletionPort
SetFileCompletionNotificationModes
WakeAllConditionVariable
SleepConditionVariableSRW
WakeConditionVariable
GetSystemInfo
GetFileInformationByHandle
SetHandleInformation
GetModuleHandleA
GetCurrentThread
WaitForSingleObject
WriteConsoleW
CreateWaitableTimerExW
SetWaitableTimer
QueryPerformanceFrequency
GetModuleHandleW
FormatMessageW
GetCurrentProcess
GetEnvironmentVariableW
GetTempPathW
GetFileInformationByHandleEx
GetFullPathNameW
SetFilePointerEx
FindNextFileW
CreateDirectoryW
FindFirstFileW
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
GetCurrentProcessId
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
WaitForMultipleObjects
GetOverlappedResult
GetExitCodeProcess
CreateEventW
CancelIo
ReadFile
ExitProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCurrentDirectoryW
RtlCaptureContext
RtlLookupFunctionEntry
CreateMutexA
WaitForSingleObjectEx
ReleaseMutex
RtlVirtualUnwind
AcquireSRWLockShared
ReleaseSRWLockShared
CopyFileExW
GetFileType
GetDiskFreeSpaceExW
LocalFree
ReadProcessMemory
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
VirtualQueryEx
GetDriveTypeW
GetVolumeInformationW
DeviceIoControl
GlobalMemoryStatusEx
PostQueuedCompletionStatus
LoadLibraryExA
FreeLibrary
GetDiskFreeSpaceA
FlushFileBuffers
GetTickCount
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
SystemTimeToFileTime
GetFileSize
LockFileEx
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
DeleteFileA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
AreFileApisANSI
RaiseException
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ntdll
NtCancelIoFileEx
NtCreateFile
NtWriteFile
RtlNtStatusToDosError
NtQuerySystemInformation
RtlGetVersion
NtDeviceIoControlFile
NtQueryInformationProcess
NtReadFile
crypt32
CertCloseStore
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CryptUnprotectData
CertDuplicateCertificateChain
CertDuplicateCertificateContext
CertDuplicateStore
CertOpenStore
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertFreeCertificateContext
CertGetCertificateChain
user32
EnumDisplayMonitors
EnumDisplaySettingsExW
CloseClipboard
GetClipboardData
OpenClipboard
ShowWindow
GetDpiForSystem
EmptyClipboard
SetClipboardData
GetMonitorInfoW
psapi
EnumProcessModules
EnumProcesses
GetModuleBaseNameA
GetModuleFileNameExW
GetPerformanceInfo
advapi32
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
LookupAccountSidW
GetLengthSid
IsValidSid
GetTokenInformation
OpenProcessToken
SystemFunction036
CopySid
RegCloseKey
gdi32
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
CreateDCW
SetStretchBltMode
DeleteDC
StretchBlt
GetDIBits
GetObjectW
DeleteObject
ole32
CoUninitialize
CoInitializeEx
CoTaskMemFree
CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket
iphlpapi
GetAdaptersAddresses
FreeMibTable
GetIfTable2
GetIfEntry2
netapi32
NetUserEnum
NetUserGetInfo
NetUserGetLocalGroups
NetApiBufferFree
secur32
FreeCredentialsHandle
DecryptMessage
FreeContextBuffer
DeleteSecurityContext
LsaFreeReturnBuffer
LsaGetLogonSessionData
LsaEnumerateLogonSessions
AcceptSecurityContext
AcquireCredentialsHandleA
InitializeSecurityContextW
EncryptMessage
ApplyControlToken
QueryContextAttributesW
shell32
CommandLineToArgvW
SHGetKnownFolderPath
ws2_32
WSAGetLastError
getsockname
WSAIoctl
closesocket
WSASocketW
ioctlsocket
connect
getsockopt
setsockopt
bind
getaddrinfo
freeaddrinfo
WSAStartup
WSACleanup
recv
send
shutdown
getpeername
WSASend
bcrypt
BCryptGenRandom
oleaut32
SysStringLen
GetErrorInfo
SysFreeString
SysAllocString
VariantClear
pdh
PdhGetFormattedCounterValue
PdhAddEnglishCounterW
PdhCloseQuery
PdhRemoveCounter
PdhOpenQueryA
PdhCollectQueryData
powrprof
CallNtPowerInformation
vcruntime140
memset
memmove
memcpy
memcmp
__CxxFrameHandler3
strrchr
__C_specific_handler
__current_exception
__current_exception_context
api-ms-win-crt-string-l1-1-0
wcslen
strcmp
strcspn
strncmp
strspn
strlen
api-ms-win-crt-math-l1-1-0
round
_dclass
log
fabs
roundf
__setusermatherr
api-ms-win-crt-heap-l1-1-0
_msize
malloc
realloc
free
_set_new_mode
api-ms-win-crt-stdio-l1-1-0
__p__commode
_set_fmode
api-ms-win-crt-utility-l1-1-0
_rotl64
qsort
api-ms-win-crt-time-l1-1-0
_localtime64_s
api-ms-win-crt-runtime-l1-1-0
_crt_atexit
_endthreadex
_initialize_narrow_environment
_register_onexit_function
_initialize_onexit_table
_configure_narrow_argv
_beginthreadex
_initterm
_seh_filter_exe
_register_thread_local_exe_atexit_callback
terminate
_set_app_type
_initterm_e
_c_exit
_cexit
__p___argv
__p___argc
exit
_exit
_get_initial_narrow_environment
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 3.6MB - Virtual size: 3.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2.7MB - Virtual size: 2.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 25KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 79KB - Virtual size: 79KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 33KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ