Static task
static1
General
-
Target
Aware Silent Chair.exe
-
Size
25.7MB
-
MD5
50da3153742b5d2e464af12223f34690
-
SHA1
df19dacb569d319a18754a7623177591945fb44d
-
SHA256
1f4d8b392f1ef28f75c3471d75d5a185d933d07fb038e5aea6405893543b3fbf
-
SHA512
73fe007ae6b41799ebb60632323ba095921552e08d5426cd0f4fb2057c700c1e919ddbbebc596572e7e606d98ca5fe3dd97c8dc2908fc63584d9562b2cf828f7
-
SSDEEP
786432:lnqVSGCH9BiRbOcBxFkW2KoyzgJ1kpGc6B:ZpPBAbOcBv/XoIgJ1n
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Aware Silent Chair.exe
Files
-
Aware Silent Chair.exe.exe windows:6 windows x64 arch:x64
b7293c080b6d37ff99dccf83000c0384
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
d3d11
D3D11CreateDeviceAndSwapChain
d3dcompiler_43
D3DCompile
kernel32
WideCharToMultiByte
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
SetClipboardData
safeguard
?antiVirtualization@SafeGuardSDK@SafeGuard@@QEAA?AW4StatusCode@2@XZ
imm32
ImmReleaseContext
msvcp140
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
dwmapi
DwmExtendFrameIntoClientArea
d3dx11_43
D3DX11CreateShaderResourceViewFromMemory
normaliz
IdnToAscii
wldap32
ord211
crypt32
PFXImportCertStore
ws2_32
ntohl
shlwapi
PathFindFileNameW
rpcrt4
UuidCreate
psapi
GetModuleInformation
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__std_exception_copy
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vsscanf
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-string-l1-1-0
strncpy
api-ms-win-crt-heap-l1-1-0
malloc
api-ms-win-crt-runtime-l1-1-0
_wassert
api-ms-win-crt-convert-l1-1-0
atoi
api-ms-win-crt-filesystem-l1-1-0
_unlink
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-time-l1-1-0
strftime
api-ms-win-crt-locale-l1-1-0
localeconv
api-ms-win-crt-math-l1-1-0
acosf
advapi32
CryptImportKey
shell32
ShellExecuteA
Sections
Vozr<4&Y Size: - Virtual size: 694KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
N,-pHWKb Size: - Virtual size: 176KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
)!]c&oEG Size: - Virtual size: 552KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
V\A.s3sW Size: - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
z2o>tJaG Size: - Virtual size: 16.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
*:fp=Y`S Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
mH\Hwu^& Size: 25.7MB - Virtual size: 25.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
UyIhfU3o Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ