Static task
static1
General
-
Target
attachments.zip
-
Size
488KB
-
MD5
660bace33a1309cfed1eb9007b730268
-
SHA1
672eef78e9814eb450e8b74dc7e78e2ae96e2a21
-
SHA256
3b530ace3209771f676e361ebc54dfc5d992d5069db93d416cd4b60745ccc400
-
SHA512
e403b6ab351d464a173dc42011ed20883867247ba81e77e5643d3d7a4de635e14c927495f6944c1960a62fc63615fb6b6824d88b310f43848f74988257159222
-
SSDEEP
12288:WmDS22BY1Piq7p19SWp1vF1tZkCZNidsiu5kNMr2K1WqGvbL:WmcBY4q7p1971vNo07r2K1kbL
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack002/226350194-050944-sanlccjavap0003-11764.exe -
NSIS installer 2 IoCs
resource yara_rule static1/unpack002/226350194-050944-sanlccjavap0003-11764.exe nsis_installer_1 static1/unpack002/226350194-050944-sanlccjavap0003-11764.exe nsis_installer_2
Files
-
attachments.zip.zip
-
226350194-050944-sanlccjavap0003-11764.rar.rar
-
226350194-050944-sanlccjavap0003-11764.exe.exe windows:5 windows x86 arch:x86
dd68e663380c71f66b512f005f1be7ec
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegCloseKey
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegQueryValueExA
RegSetValueExA
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCreateKeyExA
RegOpenKeyExA
shell32
SHBrowseForFolderA
SHFileOperationA
SHGetPathFromIDListA
SHGetFileInfoA
ShellExecuteExA
ole32
OleUninitialize
IIDFromString
OleInitialize
CoTaskMemFree
CoCreateInstance
comctl32
ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked
user32
DispatchMessageA
SystemParametersInfoA
LoadCursorA
SetClassLongA
GetSysColor
ScreenToClient
SetCursor
GetWindowRect
TrackPopupMenu
AppendMenuA
EnableMenuItem
CreatePopupMenu
GetSystemMenu
GetSystemMetrics
IsWindowEnabled
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
CheckDlgButton
EndDialog
DialogBoxParamA
IsWindowVisible
SetWindowPos
CreateWindowExA
GetClassInfoA
RegisterClassA
PeekMessageA
GetMessagePos
CharNextA
ExitWindowsEx
SetWindowTextA
SetTimer
CreateDialogParamA
DestroyWindow
LoadImageA
FindWindowExA
SetWindowLongA
InvalidateRect
ReleaseDC
GetDC
SetForegroundWindow
EnableWindow
GetDlgItem
ShowWindow
IsWindow
PostQuitMessage
SendMessageTimeoutA
SendMessageA
wsprintfA
FillRect
GetClientRect
EndPaint
BeginPaint
DrawTextA
DefWindowProcA
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CallWindowProcA
CharPrevA
GetWindowLongA
gdi32
GetDeviceCaps
SetBkColor
CreateBrushIndirect
SetTextColor
SetBkMode
SelectObject
DeleteObject
CreateFontIndirectA
kernel32
GetTempFileNameA
GetLastError
WaitForSingleObject
RemoveDirectoryA
ReadFile
CreateFileA
CreateDirectoryA
lstrcpynA
GlobalLock
GlobalUnlock
CreateThread
GetDiskFreeSpaceA
CopyFileA
lstrlenA
GetVersionExA
GetWindowsDirectoryA
ExitProcess
GetCurrentProcess
GetExitCodeProcess
GetTempPathA
SetEnvironmentVariableA
GetCommandLineA
GetModuleFileNameA
GetTickCount
GetFileSize
MultiByteToWideChar
MoveFileA
WritePrivateProfileStringA
GetPrivateProfileStringA
lstrcmpiA
lstrcmpA
MulDiv
GetShortPathNameA
GlobalFree
GlobalAlloc
LoadLibraryExA
GetModuleHandleA
FreeLibrary
Sleep
CloseHandle
SetFileTime
SetFilePointer
SetFileAttributesA
GetFullPathNameA
GetFileAttributesA
FindNextFileA
FindFirstFileA
FindClose
DeleteFileA
CompareFileTime
SearchPathA
SetCurrentDirectoryA
ExpandEnvironmentStringsA
WriteFile
CreateProcessA
WideCharToMultiByte
GetSystemDirectoryA
GetProcAddress
lstrcpyA
lstrcatA
MoveFileExA
SetErrorMode
Sections
.text Size: 26KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 3.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 60KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 190KB - Virtual size: 190KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Civilhortonoms/Dyretmmersken/Mealybug/Laesning.Sko
-
Ejerkredsen/Lulledes/Filateliens31.don
-
Ejerkredsen/Lulledes/Preconizing.Nig.ps1
-
Sudsers34/Neoterist/Opslagsbindenes/Oplivelse/indsigelse.ant
-
Sudsers34/Neoterist/Opslagsbindenes/Oplivelse/smreostens.oxo
-
Telekablets/krakileres/miditest/Herpetotomist.txt