C:\Users\SerGreen\Source\Repos\Appacker\UnpackerWindowless\obj\Release\UnpackerWindowless.pdb
General
-
Target
vir.exe
-
Size
311.5MB
-
MD5
eb9490492b00c4f14cf133acf95edfe4
-
SHA1
1d903edafd1429d1554d5b4298496f96129e388b
-
SHA256
f0025dabe2f4c075dbe09bc534dbe94939d0ae6d45ee4450ec7943fa36fb09cc
-
SHA512
175f1da82762237282390a3dc1be3164c81b3416514b2bfd16eb1b51e50a9bbabce809baf5f68dad6720df73d5bbedc736999597063ebb9070396cb910d98b72
-
SSDEEP
6291456:Y2qVJw+odBeWFv1k4R4b0ewZkhT4ofHwJjvZDQPf2tLSkHldHVeVM:rr+WeSWgfecGT4RjvqP85TAK
Malware Config
Extracted
quasar
-
reconnect_delay
3000
Signatures
-
Detect Umbral payload 1 IoCs
resource yara_rule sample family_umbral -
Njrat family
-
Quasar family
-
Quasar payload 1 IoCs
resource yara_rule sample family_quasar -
Umbral family
-
AutoIT Executable 1 IoCs
AutoIT scripts compiled to PE executables.
resource yara_rule sample autoit_exe -
HTTP links in PDF interactive object 1 IoCs
Detects HTTP links in interactive objects within PDF files.
resource yara_rule sample pdf_with_link_action -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource vir.exe -
NSIS installer 1 IoCs
resource yara_rule sample nsis_installer_2
Files
-
vir.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 264KB - Virtual size: 264KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 85KB - Virtual size: 85KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ