Static task
static1
General
-
Target
fragment.exe
-
Size
4.6MB
-
MD5
c4114d060ad3c39d4e4b71d940bb6409
-
SHA1
c036974ba1e6a5ddbbbc784ef0f27cafe3ece19d
-
SHA256
c18cebe30bc7b1f363f9174260b43e02d13d3022a732b376250052e7fe17d14e
-
SHA512
1ca7a26c65a99caf028b587315ea7e9dbb1b2340f1fb3ad7407b06b003e05e36c8cd1329506d3a0684d6797c24d915d405d84ab5853a0a6975d1e84e29c838f4
-
SSDEEP
49152:PNbMujlQmOXRLOxSNLKiuDmh5ESRlxDrZ+d8:lb8xlomF
Malware Config
Signatures
-
Unsigned PE 1 IoCs
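Flags a PE file that has no Authenticode signature. On its own this is a weak indicator, since many legitimate binaries are also unsigned; weigh it together with the other findings.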
resource fragment.exe
Files
-
fragment.exe.exe windows:6 windows x64 arch:x64
c9d5165cb9890b393b4202a6c24e88db
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepEx
VerSetConditionMask
QueryPerformanceFrequency
GetSystemDirectoryW
CloseHandle
LoadLibraryW
VerifyVersionInfoW
GetTickCount
WaitForSingleObjectEx
EnterCriticalSection
GetModuleHandleA
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SetLastError
FormatMessageA
CreateFileW
GetFileSizeEx
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryA
Sleep
CreateToolhelp32Snapshot
ResumeThread
SuspendThread
Thread32First
Thread32Next
GetProcessId
VirtualAlloc
VirtualFree
WriteProcessMemory
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
CreateRemoteThread
CreateThread
GetCurrentProcess
OpenThread
SetThreadContext
VirtualFreeEx
ReadProcessMemory
VirtualAllocEx
GetProcAddress
GetLastError
GetThreadContext
DeleteCriticalSection
FreeLibrary
GetVolumeInformationA
user32
DispatchMessageA
ShowWindow
LoadBitmapA
MessageBoxA
GetMessageA
UpdateWindow
PostQuitMessage
CreateDialogParamA
TranslateMessage
DefWindowProcA
msvcp140
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Xlength_error@std@@YAXPEBD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
comctl32
InitCommonControlsEx
vcruntime140_1
__CxxFrameHandler4
vcruntime140
memcpy
strchr
__current_exception_context
__current_exception
_CxxThrowException
__C_specific_handler
__std_exception_copy
__std_exception_destroy
memmove
strrchr
strstr
memcmp
memchr
wcschr
memset
api-ms-win-crt-string-l1-1-0
strncpy
strpbrk
isupper
wcsncpy
strspn
strcspn
strcmp
wcsncmp
_strdup
_wcsdup
wcspbrk
tolower
strncmp
api-ms-win-crt-runtime-l1-1-0
_invalid_parameter_noinfo_noreturn
_register_onexit_function
__sys_nerr
_errno
exit
_getpid
strerror
terminate
_register_thread_local_exe_atexit_callback
_c_exit
_initialize_onexit_table
_beginthreadex
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_exit
api-ms-win-crt-utility-l1-1-0
srand
rand
qsort
api-ms-win-crt-time-l1-1-0
_gmtime64
_time64
api-ms-win-crt-stdio-l1-1-0
fgets
__stdio_common_vsprintf
__p__commode
_lseeki64
ftell
fseek
fread
fwrite
__acrt_iob_func
_set_fmode
fclose
fflush
fputc
fopen
_read
_write
fputs
_close
__stdio_common_vsscanf
_open
api-ms-win-crt-filesystem-l1-1-0
_access
_fstat64
_stat64
api-ms-win-crt-heap-l1-1-0
_set_new_mode
calloc
realloc
_callnewh
malloc
free
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
api-ms-win-crt-convert-l1-1-0
strtoll
strtoul
atoi
strtol
api-ms-win-crt-environment-l1-1-0
getenv
advapi32
CryptHashData
CryptReleaseContext
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptAcquireContextW
CryptCreateHash
CryptGenRandom
CryptGetHashParam
wldap32
ord46
ord73
ord219
ord208
ord41
ord117
ord145
ord14
ord26
ord27
ord301
ord127
ord147
ord133
ord167
ord79
ord142
ord216
crypt32
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringW
CertAddCertificateContextToStore
CryptStringToBinaryW
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
ws2_32
__WSAFDIsSet
WSAIoctl
WSASetLastError
WSAStartup
select
accept
htonl
ntohs
setsockopt
closesocket
send
WSAGetLastError
socket
recv
bind
connect
getpeername
getsockname
getsockopt
htons
listen
getaddrinfo
freeaddrinfo
recvfrom
sendto
ioctlsocket
ntohl
WSACleanup
gethostname
Sections
.text Size: 300KB - Virtual size: 300KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 84KB - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 265KB - Virtual size: 265KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4.0MB - Virtual size: 4.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
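IMAGE_SCN_MEM_WRITE
Note: a .reloc section normally holds only base-relocation data and is mapped read-only. Here it is 4.0MB (most of the 4.6MB file), is flagged as code, and is both writable and executable. That is atypical and warrants closer inspection, for example for packed or embedded content.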
.v-lizer Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
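IMAGE_SCN_MEM_WRITE
Note: .v-lizer is not a standard compiler or linker section name, and the section is readable, writable and executable while marked as initialized data. Writable-and-executable sections are uncommon in ordinary builds and are worth examining during triage.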