Behavioral task: behavioral1
Sample: HWID SPOOFER + CLEANER.exe
Resource: win7-20240221-en
General
Target: HWID SPOOFER + CLEANER.exe
Size: 750.0MB
MD5: 7f954627bf29d26a3e9ddb65553f04dd
SHA1: e0681c0bb34dea960c5bdacd73fc88f051317a03
SHA256: e0c42c0175d2e18879f7e09d502ab9a0a7f9bc0c815bf001cdea692d8358bacc
SHA512: beb98c24f9347695e19397450a7f7dd8a405d123df0b8fdf3bf0c013650e6da3fa427bdf44ac58d3c75c0f59110192236ac0af65cefa8408157579a12ef687a8
SSDEEP: 768:MFegorieqVnV878bgC8A+XiFeoyZ7sJn7xJ1+T4RSaGHmDbDEph0oXXydEGaUDS3:/oNVMEeTgzitUbah9QeucdpqKmY7
Malware Config
Extracted
asyncrat
Default
127.0.0.1:3232
uY艾بk勒v吉吉i比诶wxI7o弗f
delay: 1
install: true
install_file: HWID SPOOFER + CLEANER.exe
install_folder: %AppData%
Signatures
Asyncrat family
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource: HWID SPOOFER + CLEANER.exe
Files
HWID SPOOFER + CLEANER.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
Imports
mscoree
_CorExeMain
Sections
.text Size: 59KB - Virtual size: 58KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ