Static task
static1
General
-
Target
onevade.exe
-
Size
4.3MB
-
MD5
4ea2d7be80eb4078822effd60072b721
-
SHA1
6e1f706048f4503c5aad973210b2436874c5ec1f
-
SHA256
77881d4a007d2322a29fd0b1019d395c8763cf87395da3305f54258a00ed57ac
-
SHA512
1f11abab59257ac8650555e8ec1f8c30b350d16336380ce9977a093af5aa3bfcba9dc32bfc9f07d13fa6dec90736f0723c1c4c4771ffe53f5ad1b91ba5af3b85
-
SSDEEP
98304:uiimoLUDZonIfSrF5IyYpM1OF1/hPBkKuiaKd5Y7bt3p7k:ujm+UFonIqrFNYK1OF1/NJuiN/2bt
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource onevade.exe
Files
-
onevade.exe.exe windows:6 windows x64 arch:x64
806f51929e66dc349273d48e9700f82c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
GetLastError
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
GetCursorPos
advapi32
CryptEncrypt
shell32
ShellExecuteA
msvcp140
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
d3d9
Direct3DCreate9Ex
d3dx9_43
D3DXCreateTextureFromFileInMemory
imm32
ImmReleaseContext
dwmapi
DwmExtendFrameIntoClientArea
normaliz
IdnToAscii
ws2_32
socket
wldap32
ord217
crypt32
CertFreeCertificateChain
ntdll
RtlCaptureContext
vcruntime140_1
__CxxFrameHandler4
vcruntime140
_CxxThrowException
api-ms-win-crt-stdio-l1-1-0
_popen
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-string-l1-1-0
strcspn
api-ms-win-crt-heap-l1-1-0
calloc
api-ms-win-crt-convert-l1-1-0
strtoll
api-ms-win-crt-filesystem-l1-1-0
_lock_file
api-ms-win-crt-time-l1-1-0
_time64
api-ms-win-crt-runtime-l1-1-0
_initterm_e
api-ms-win-crt-math-l1-1-0
_dsign
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: - Virtual size: 754KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 204KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 138KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.onv0 Size: - Virtual size: 1.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.onv1 Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.onv2 Size: 4.3MB - Virtual size: 4.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 200B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ