Behavioral task
behavioral1
Sample
SpyderCrypter.exe
Resource
win7-20240221-en
General
Target
SpyderCrypter.rar
Size
4.8MB
MD5
fe47299553c0972ec170d166b9037ae9
SHA1
8a8e27d3563e181b7cee1038c8bd81791f1714b2
SHA256
6209712229816eb836f3b5492c23fa20afa7cf582111da9f90c8714c23a8812b
SHA512
097e2add3c75659fecc9f294bacf9292881ad56831d1633716bf24ee8eee45111e33058393e04b3bae96fc55a4c17edba16efe0f7e46fcc6376f1c004fbb03d8
SSDEEP
98304:TL3X7Et5fcooV2Tck95VZ2BCsvACfdrpdxuf02jqhzDezbnrvPQudfuz:T7XYttcoojkXV/uA4ddgc+qVkHGz
Malware Config
Signatures
Processes:
resource: static1/unpack001/SpyderCrypter.exe
yara_rule: themida
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource: unpack001/SpyderCrypter.exe
Files
SpyderCrypter.rar (.rar)
Password: Spyder
SpyderCrypter.exe (.exe) windows:4 windows x86 arch:x86
Password: Spyder
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 2.0MB - Virtual size: 2.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 660B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 15B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.imports Size: 512B - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: - Virtual size: 4.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 2.8MB - Virtual size: 2.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ