Static task
static1
Behavioral task
behavioral1
Sample
usermode_stager_packed.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
usermode_stager_packed.dll
Resource
win10v2004-20231215-en
General
-
Target
usermode_stager_packed.dll
-
Size
312KB
-
MD5
f43a30b1cd1fbe69a2a7ad2ae4a9a70f
-
SHA1
0571abe5132604dc55a398c1ae00c95b8955b7e7
-
SHA256
f0b6c73ee9bd2cee5b0ef10f65386ad1312f01227551cc99ef9997df2372d272
-
SHA512
bfa7d9a5940b606256ab70a7f53b82472c8ae7fead0ea5db7dcfc0fe49f8bc97129451b7dd72af89bf61ee1ef6e2171a3a4eb28444d7bd36e62e78cd74dd8e4d
-
SSDEEP
1536:i3jMcAxNrQu/vX8vSjZPXYacSkksIMLez3:UYciJMvePC6z3
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource usermode_stager_packed.dll
Files
-
usermode_stager_packed.dll.dll windows:5 windows x64 arch:x64
c4e6282ffd1ffa097fd4cb2b076f2dae
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL
Imports
kernel32
GetModuleHandleA
GetProcAddress
wininet
InternetOpenA
Sections
.MPRESS1 Size: 20KB - Virtual size: 64KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.MPRESS2 Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE