Static task
static1
Behavioral task
behavioral1
Sample
launcher.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
launcher.exe
Resource
win10v2004-20240508-en
General
Target
launcher.exe
Size
23.1MB
MD5
acd8f3923a22367ce4cf998c260a2cdb
SHA1
f4a63274b43282caf9a9135dcd6c7fa197a12505
SHA256
9914c1a192204b50ac80c1d232a0b3f7b9fa7fde1a8406a8b1a55c8df1f6e6b6
SHA512
fa749e0ae4bdf527f70d3226400d7d70cd24abcfccffebe5b910d387e56d9e4da74a59455da83140209b937d09ae9a4b402c84648990207b9036f43624e8880b
SSDEEP
393216:z08pSTt0pmROPv1f2TbXjO3ChZDbph1B4jEk47gyrXGvU:z0SST3RsdejvNOSWvU
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource launcher.exe
Files
launcher.exe.exe windows:6 windows x64 arch:x64
2f8e84d21dd36441b3071bf177719657
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
winmm
timeGetTime
advapi32
OpenThreadToken
ntdll
RtlLookupFunctionEntry
ole32
CoUninitialize
bcrypt
BCryptGenRandom
kernel32
MapViewOfFile
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress
user32
PostMessageW
gdi32
CreateRoundRectRgn
shell32
SHGetKnownFolderPath
oleaut32
SysFreeString
msvcp140
?width@ios_base@std@@QEAA_J_J@Z
shlwapi
PathCombineW
version
GetFileVersionInfoSizeW
vcruntime140
strstr
vcruntime140_1
__CxxFrameHandler4
api-ms-win-crt-heap-l1-1-0
_callnewh
api-ms-win-crt-runtime-l1-1-0
_errno
api-ms-win-crt-convert-l1-1-0
strtol
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vswprintf
api-ms-win-crt-math-l1-1-0
_dsign
api-ms-win-crt-locale-l1-1-0
___lc_codepage_func
api-ms-win-crt-string-l1-1-0
strncmp
api-ms-win-crt-filesystem-l1-1-0
_lock_file
api-ms-win-crt-time-l1-1-0
_mktime64
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-utility-l1-1-0
rand
api-ms-win-crt-multibyte-l1-1-0
_mbsnbcmp
crypt32
CertFreeCertificateChainEngine
ws2_32
getsockname
Sections
.text Size: - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 549KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: - Virtual size: 75KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.#/` Size: - Virtual size: 15.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.&>c Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.|g| Size: 23.1MB - Virtual size: 23.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ