Static task
static1
General
-
Target
New folder.zip
-
Size
11KB
-
MD5
7d29c5073d3dc13e9a76e003d0539004
-
SHA1
944b548618787ac7db41f9975b8cbfbb3c4f8829
-
SHA256
455c0d67b6cf01894f4822824eea4e998852bfcd5b07598011529c494f351789
-
SHA512
251eb0708f62ee494b8dfad7494dd701fc01867c8933c4215faece3a64279e1086966fda52354203cd25dd6afa856f73deea55267ede4944ad33fecc90b7822a
-
SSDEEP
192:qgb4RZT6IXJySNwB8A/9oDTROQLHx8j9Y38HQAbrfMS5SxTd9HMhT/Ur71:hY6eE8u9oDT80QDfqTdddF
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/New folder/PillKing.exe
Files
-
New folder.zip.zip
-
New folder/PillKing.exe.exe windows:6 windows x64 arch:x64
a9563ca2ee659a9314820bead4ec962b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
api-ms-win-crt-heap-l1-1-0
_set_new_mode
calloc
free
malloc
api-ms-win-crt-private-l1-1-0
__C_specific_handler
memcpy
api-ms-win-crt-runtime-l1-1-0
__p___argc
__p___argv
__p___wargv
__p__wcmdln
_cexit
_configure_narrow_argv
_configure_wide_argv
_crt_at_quick_exit
_crt_atexit
_initialize_narrow_environment
_initialize_wide_environment
_initterm
_set_app_type
_set_invalid_parameter_handler
abort
exit
signal
api-ms-win-crt-stdio-l1-1-0
__acrt_iob_func
__p__commode
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfwprintf
__stdio_common_vswprintf
fwrite
api-ms-win-crt-string-l1-1-0
_wcsdup
memset
strlen
strncmp
wcslen
user32
MessageBoxW
kernel32
DeleteCriticalSection
EnterCriticalSection
GetLastError
GetProcAddress
GetStartupInfoW
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryW
SetDllDirectoryW
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VerSetConditionMask
VerifyVersionInfoW
VirtualProtect
VirtualQuery
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-environment-l1-1-0
__p__environ
__p__wenviron
api-ms-win-crt-time-l1-1-0
__daylight
__timezone
__tzname
_tzset
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.buildid Size: 512B - Virtual size: 53B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 444B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 396B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
New folder/PillKing.py.py .sh linux