C:\projects\rcedit\Default\rcedit.pdb
Behavioral task
behavioral1
Sample
Sign-Sacker-2-main/Sign-Sacker.py
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Sign-Sacker-2-main/Sign-Sacker.py
Resource
win10v2004-20240412-en
Behavioral task
behavioral3
Sample
Sign-Sacker-2-main/ico_sacker.exe
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
Sign-Sacker-2-main/ico_sacker.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral5
Sample
Sign-Sacker-2-main/info_sacker.exe
Resource
win7-20231129-en
Behavioral task
behavioral6
Sample
Sign-Sacker-2-main/info_sacker.exe
Resource
win10v2004-20240412-en
General
-
Target
71cbc5d3c44b8d8ff6b3e2f06ab0eaa05c8599861984598437a3bd8bf53f2674
-
Size
473KB
-
MD5
404fb22ec87ef2e216a27f20a441ae49
-
SHA1
2005447ceb0b73480ee7097496c2ea16c9e8f07c
-
SHA256
71cbc5d3c44b8d8ff6b3e2f06ab0eaa05c8599861984598437a3bd8bf53f2674
-
SHA512
a002130c90621a24f37edaeffe6e9c7924a28af85a7d0d94e90908729e127b1888c21a2c5c1358d36d55f238a9ee8150cd7cfa6642dc4d807924ea5311d86afa
-
SSDEEP
6144:kp86n+t5dmDibt3xFKDJf+Vx5S0sWzGxJ0jsNwyv2benjLzS0VYPViNDFOc6:kCwy5dmDiJM0S0s5J0jPSuenzjOKDS
Malware Config
Signatures
-
resource yara_rule static1/unpack001/Sign-Sacker-2-main/ico_sacker.exe upx -
Unsigned PE 3 IoCs
Checks for missing Authenticode signature.
resource unpack001/Sign-Sacker-2-main/ico_sacker.exe unpack002/out.upx unpack001/Sign-Sacker-2-main/info_sacker.exe
Files
-
71cbc5d3c44b8d8ff6b3e2f06ab0eaa05c8599861984598437a3bd8bf53f2674.zip
-
Sign-Sacker-2-main/.gitignore
-
Sign-Sacker-2-main/LICENSE
-
Sign-Sacker-2-main/README.md
-
Sign-Sacker-2-main/Sign-Sacker.py
-
Sign-Sacker-2-main/favicon.ico
-
Sign-Sacker-2-main/ico_sacker.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 44KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 21KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 29KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Sign-Sacker-2-main/info_sacker.exe.exe windows:5 windows x64 arch:x64
02eb6c917f376ad581f4e045e3c6628a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
DecodePointer
FreeResource
LockResource
FreeLibrary
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadResource
SizeofResource
ReadFile
SetFilePointer
CloseHandle
LoadLibraryExW
FindResourceW
FindResourceExW
EnumResourceNamesW
EnumResourceLanguagesW
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
CreateFileW
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
FormatMessageW
EnterCriticalSection
LeaveCriticalSection
EncodePointer
SetLastError
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetProcAddress
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
OutputDebugStringW
SetEndOfFile
ReadConsoleW
GetCurrentDirectoryW
RtlPcToFileHeader
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
GetFullPathNameW
GetFullPathNameA
GetStdHandle
GetFileType
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
ExitProcess
WriteFile
GetCommandLineA
GetCommandLineW
GetACP
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetCurrentThread
GetDriveTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
OutputDebugStringA
CreateThread
SetConsoleCtrlHandler
GetTimeZoneInformation
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetStdHandle
SetCurrentDirectoryW
RtlUnwind
user32
UnregisterClassW
Sections
.text Size: 962KB - Virtual size: 961KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 243KB - Virtual size: 242KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 1024B - Virtual size: 777B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.00cfg Size: 512B - Virtual size: 283B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 416KB - Virtual size: 415KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Sign-Sacker-2-main/requirements.txt