General
Target: hwid-get.exe
Size: 40.9MB
MD5: 54ed1fbb731bc1480df5495bb083243b
SHA1: 73f86b520e4b8f65e41a573ef559d0ad406b904d
SHA256: 3820aea4ba8f28b462f6c31b1e10efce87144a6e465f220cd6c6fe9acdb973a2
SHA512: 8954f5b0b9f84a30d10c8c6dcb2b83f21d2cfdb869c4ab5c66aa2671ef0448e8e96f4245c68ae1311a5b3aebd5341f5f28620640ce72f0e4a8eea2b343fb360f
SSDEEP: 786432:ASZIlPmPoBP4fid+0G51VP03KOtVyfflKvQgMhtNEW8wgjUN:tZIlueP0id+/nVmKObylKvQgSNEWVd
Malware Config
Signatures
resource: sample, yara_rule: upx
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: hwid-get.exe
Files
hwid-get.exe.exe windows:5 windows x64 arch:x64
  Headers
    DLL Characteristics
      IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
      IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
      IMAGE_DLLCHARACTERISTICS_NX_COMPAT
      IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
    File Characteristics
      IMAGE_FILE_EXECUTABLE_IMAGE
      IMAGE_FILE_LARGE_ADDRESS_AWARE
  Sections
    UPX0 Size: - Virtual size: 616KB
      IMAGE_SCN_CNT_UNINITIALIZED_DATA
      IMAGE_SCN_MEM_EXECUTE
      IMAGE_SCN_MEM_READ
      IMAGE_SCN_MEM_WRITE
    UPX1 Size: 124KB - Virtual size: 124KB
      IMAGE_SCN_CNT_INITIALIZED_DATA
      IMAGE_SCN_MEM_EXECUTE
      IMAGE_SCN_MEM_READ
      IMAGE_SCN_MEM_WRITE
    .rsrc Size: 403KB - Virtual size: 404KB
      IMAGE_SCN_CNT_INITIALIZED_DATA
      IMAGE_SCN_MEM_READ
      IMAGE_SCN_MEM_WRITE
main.pyc