C:\Users\SerGreen\Source\Repos\Appacker\UnpackerWindowless\obj\Release\UnpackerWindowless.pdb
General
-
Target
lol.exe
-
Size
20.3MB
-
MD5
1da87056da8166d6ed5e04d81aa5522c
-
SHA1
f3f81e8e0b116627682ae03ed6f004b2ac46f464
-
SHA256
7bfea7f092cf7638322f351474791f12b66ec22c66f0872f3488256839bc4c45
-
SHA512
cd9e5b62cc6918cc496dec0ab610a2d00c88d7e8285521730faecf881892070886c91ef9e0930f579e26d1cae20d09e0b233b365cdeabab4c29957c28e0e1b0f
-
SSDEEP
393216:PzuEpuRT4xFrlZfl23p33X55EWheYkv8LlCTe2x:v4RerlLa3nTEwrkACTec
Malware Config
Extracted
quasar
-
reconnect_delay
3000
Signatures
-
Detect Umbral payload 1 IoCs
resource yara_rule sample family_umbral -
Njrat family
-
Quasar family
-
Quasar payload 1 IoCs
resource yara_rule sample family_quasar -
Umbral family
-
AutoIT Executable 1 IoCs
AutoIT scripts compiled to PE executables.
resource yara_rule sample autoit_exe -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource lol.exe
Files
-
lol.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 264KB - Virtual size: 264KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 51KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ