C:\Users\SerGreen\Source\Repos\Appacker\UnpackerWindowless\obj\Release\UnpackerWindowless.pdb
Behavioral task
behavioral1
Sample
vir.exe
Resource
win7-20240508-en
General
-
Target
4568557191778f07e87931a3cb8bb19f.bin
-
Size
295.2MB
-
MD5
4568557191778f07e87931a3cb8bb19f
-
SHA1
2de50b104aaa20166ac4a5ca54ffa2f7a10967ff
-
SHA256
10749906bc204c15934fdba1c3c5bb113156aadacd47d8609a3e543620f05c9a
-
SHA512
e29c43a141e5b83bb83bbb2cb86ce7b2b100163e1ec5557522cf4b6c5d2e83066539b4359f0adce282517300d5ce988e7c7f88a03b8d984c303a49033b915d6c
-
SSDEEP
6291456:iw1tbMVOw5GAdBLYWk8KmMzMr+Z3NaUSCs5rTZ/eLRl5:i8QhooYQKtzMr+ZdG/Y
Malware Config
Extracted
quasar
-
reconnect_delay
3000
Signatures
-
Detect Umbral payload 1 IoCs
resource yara_rule static1/unpack001/vir.exe family_umbral -
Njrat family
-
Quasar family
-
Quasar payload 1 IoCs
resource yara_rule static1/unpack001/vir.exe family_quasar -
Umbral family
-
AutoIT Executable 1 IoCs
AutoIT scripts compiled to PE executables.
resource yara_rule static1/unpack001/vir.exe autoit_exe -
HTTP links in PDF interactive object 1 IoCs
Detects HTTP links in interactive objects within PDF files.
resource yara_rule static1/unpack001/vir.exe pdf_with_link_action -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/vir.exe -
NSIS installer 1 IoCs
resource yara_rule static1/unpack001/vir.exe nsis_installer_2
Files
-
4568557191778f07e87931a3cb8bb19f.bin.zip
Password: infected
-
vir.exe.exe windows:4 windows x86 arch:x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 264KB - Virtual size: 264KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 85KB - Virtual size: 85KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ