General
-
Target
kankan.zip
-
Size
4.0MB
-
MD5
77776f965524e1bfc8c73428a6858553
-
SHA1
dd9d6a806901b4b17dc38d2353f8ed5f75c3920a
-
SHA256
b7b986520a48238a3e2759ff522d5cb03b83cacd290572ab6dd567a34be24575
-
SHA512
109ace81a018a91273aa433eacd9f5cef3dc8dcb9c8da1be158e59b213606b63bf6130d21817bfa6237daf3bfb7b9a056fc4cbb222dbc37b054faf2d94c3e5a9
-
SSDEEP
98304:JglOir2ezOhtv9VhPF97DHFU2BV9KfI/g+MZsZL4:2Iir2eKh939vl3f9Kw2w8
Malware Config
Signatures
-
resource yara_rule static1/unpack001/kankan.exe themida -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/kankan.exe
Files
-
kankan.zip.zip
Password: kankan
-
kankan.exe.exe windows:4 windows x86 arch:x86
Password: kankan
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 16B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.imports Size: 512B - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: - Virtual size: 4.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 2.8MB - Virtual size: 2.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ