Static task
static1
General
-
Target
Nova_cheeto.rar
-
Size
589KB
-
MD5
efa237b58b142a4d575b97bc2ea14bd3
-
SHA1
9aa39fab93de0285337881043fffd7aaaaed52af
-
SHA256
41076e7bde1a1cbc586a3833ea906bcd74378502908535bf5d04c26d6ddd2927
-
SHA512
e98e0f8ad0cbd414589df57f6d192c9be45fcbaa8ef94fe5056004f313aecc563ff748752a1494c00b057eabb16d61a1d92aeaab593f8903f912ffe712198952
-
SSDEEP
12288:QFiNhJlHGvgr0PuivqilmBppbaZq/qy3Mcy9LLEiJ+naObtFgIo:QFs/GvGixqaZLyfy98ra+KIo
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/Nova cheeto/Archive.exe
Files
-
Nova_cheeto.rar.rar
-
Nova cheeto/Archive.exe.exe windows:6 windows x64 arch:x64
5a2c84a5260790d472a85131661b7356
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
Sleep
LoadLibraryA
GetProcAddress
GetCurrentThreadId
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetModuleFileNameA
Process32First
WriteProcessMemory
Module32Next
Module32First
OpenProcess
CreateToolhelp32Snapshot
Process32Next
CloseHandle
VirtualProtectEx
VirtualAllocEx
ReadProcessMemory
VirtualFreeEx
IsWow64Process
FormatMessageA
GetLocaleInfoEx
CreateFileW
FindClose
FindFirstFileW
GetFileAttributesExW
AreFileApisANSI
GetLastError
GetModuleHandleW
GetFileInformationByHandleEx
MultiByteToWideChar
WideCharToMultiByte
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
LocalFree
msvcp140
?always_noconv@codecvt_base@std@@QEBA_NXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?fail@ios_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Winerror_map@std@@YAHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
??7ios_base@std@@QEBA_NXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
vcruntime140_1
__CxxFrameHandler4
vcruntime140
memset
__current_exception_context
__current_exception
memcmp
__C_specific_handler
__std_terminate
__std_exception_copy
__std_exception_destroy
memcpy
_CxxThrowException
memmove
api-ms-win-crt-stdio-l1-1-0
fread
fsetpos
__stdio_common_vfprintf_s
setvbuf
fgetpos
fwrite
ungetc
_fseeki64
_set_fmode
__stdio_common_vfprintf
fgetc
__p__commode
fclose
fflush
__acrt_iob_func
fputc
_get_stream_buffer_pointers
api-ms-win-crt-heap-l1-1-0
_set_new_mode
malloc
free
_callnewh
api-ms-win-crt-filesystem-l1-1-0
_lock_file
_unlock_file
remove
api-ms-win-crt-runtime-l1-1-0
_cexit
__p___argc
_crt_atexit
_exit
exit
_c_exit
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_register_thread_local_exe_atexit_callback
_set_app_type
_seh_filter_exe
_register_onexit_function
_initialize_onexit_table
terminate
_initterm_e
__p___argv
_invalid_parameter_noinfo_noreturn
api-ms-win-crt-string-l1-1-0
_stricmp
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
___lc_codepage_func
api-ms-win-crt-math-l1-1-0
__setusermatherr
Sections
.text Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 228B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ