C:\Users\SerGreen\Source\Repos\Appacker\UnpackerWindowless\obj\Release\UnpackerWindowless.pdb
Behavioral task
behavioral1
Sample
vir.exe
Resource
win10v2004-20240508-en
General
-
Target
vir.exe
-
Size
286.6MB
-
MD5
7c5cf3ce4d3503546558c739d4239a39
-
SHA1
7f2100a559c6ec01069352f8e809d25922b6ce5a
-
SHA256
5ee18324f0802b091c03af5dea8115af60c111257b426950869c18bc78dd54f2
-
SHA512
8838d44ba63ed24d4b5ff773a2f1d70ce55eacabf1e3fac6ac1274d454081b676fcedfa86d8373e70d95198d395a164d0463e8fde3ab14206a434b6d22fd5d94
-
SSDEEP
6291456:RodBeWFv1k4R4b0ewZkhT4ofHwJjvZDQPf2tLSkHMdHVeVl:RWeSWgfecGT4RjvqP85kAr
Malware Config
Extracted
quasar
-
reconnect_delay
3000
Signatures
-
Detect Umbral payload 1 IoCs
resource yara_rule sample family_umbral -
Njrat family
-
Quasar family
-
Quasar payload 1 IoCs
resource yara_rule sample family_quasar -
Umbral family
-
AutoIT Executable 1 IoCs
AutoIT scripts compiled to PE executables.
resource yara_rule sample autoit_exe -
HTTP links in PDF interactive object 1 IoCs
Detects HTTP links in interactive objects within PDF files.
resource yara_rule sample pdf_with_link_action -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource vir.exe -
NSIS installer 1 IoCs
resource yara_rule sample nsis_installer_2
Files
-
vir.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 264KB - Virtual size: 264KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 200KB - Virtual size: 199KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ