Static task
static1
General
Target: Win32.SofacyCarberp.zip
Size: 98KB
MD5: 003b2c09b78db2b8ddbf043051dd7d00
SHA1: 998e2429365040f9e8f8eecdf8576425dd8ab233
SHA256: feb4132c7ee80bcf3e8f2cc94a48bfd06bbc9a6a96f70c9e6293f883ba0fb8e7
SHA512: 74cee76117680bf55eb1f6c6d7ed893ddf95daea3fe73f2eec63cc1d87c67e4e374656577a4019bce10d090ed229eb5c5c515da4ca92d29c48a4c0aa590f317c
SSDEEP: 1536:bYBbFgxTG4LMJcyglZe/Ar1vJWFqHGbxI3rsReoCOZ8CKVzyhe+lSkgfXdn/hjfB:cB5yL6iW/dqHGm3rsReUZ8C06/gfhf
Malware Config
Signatures
Unsigned PE (2 IoCs): checks for missing Authenticode signature.
Resources: unpack001/Win32.SofacyCarberp.bin, unpack001/Win32.SofacyCarberp.exe
Files
Win32.SofacyCarberp.zip.zip (Password: infected)

Win32.SofacyCarberp.bin.dll windows:6 windows x86 arch:x86 (Password: infected)
01f3d0fe6fb9d9df24620e67afc143c7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
crypt32
CryptBinaryToStringA
CryptStringToBinaryA
gdiplus
GdipSaveImageToStream
GdipCreateBitmapFromHBITMAP
GdipGetImageEncoders
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipGetImageEncodersSize
iphlpapi
GetAdaptersAddresses
wininet
InternetSetOptionA
InternetQueryOptionA
InternetReadFile
HttpOpenRequestA
InternetCloseHandle
InternetOpenA
HttpSendRequestA
HttpQueryInfoA
InternetConnectA
ws2_32
gethostname
WSAStartup
WSACleanup
gethostbyname
kernel32
VirtualAlloc
GetPrivateProfileStringW
VirtualFree
DisableThreadLibraryCalls
lstrcmpiA
Process32Next
Process32First
CreateToolhelp32Snapshot
VerifyVersionInfoW
lstrlenW
GetVersionExA
GetSystemInfo
GetCurrentProcess
GetVolumeInformationW
VerSetConditionMask
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
LoadLibraryW
CloseHandle
Sleep
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
OpenFileMappingA
WaitForSingleObject
GetExitCodeProcess
CreateThread
CreateRemoteThread
GetExitCodeThread
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
IsWow64Process
GetLastError
CreateMutexA
lstrlenA
WideCharToMultiByte
GetModuleHandleA
GetProcAddress
LoadLibraryA
CreateDirectoryW
CreateFileW
DeleteFileW
GetFileSize
ReadFile
WriteFile
SetLastError
FreeLibrary
user32
wsprintfW
TranslateMessage
DispatchMessageA
wsprintfA
GetSystemMetrics
GetMessageA
advapi32
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
shell32
SHGetSpecialFolderPathW
Sections
.text Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 240B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 960B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 888B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Win32.SofacyCarberp.exe.exe windows:6 windows x86 arch:x86 (Password: infected)
7cfc69e858a62e1e5a68d5510338c173
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapAlloc
GetProcAddress
GetProcessHeap
GetCurrentProcess
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
LoadLibraryW
lstrcmpiW
LocalAlloc
GetLastError
LocalFree
WriteFile
WideCharToMultiByte
CloseHandle
DeleteFileW
lstrcatW
GetEnvironmentVariableW
Process32FirstW
HeapFree
WriteConsoleW
DecodePointer
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
TerminateProcess
RaiseException
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
GetModuleFileNameA
MultiByteToWideChar
ExitProcess
GetModuleHandleExW
GetACP
GetFileType
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
CompareStringW
LCMapStringW
SetStdHandle
GetStringTypeW
HeapSize
HeapReAlloc
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
CreateFileW
advapi32
GetSidSubAuthority
GetTokenInformation
AdjustTokenPrivileges
OpenProcessToken
GetSidSubAuthorityCount
shell32
ShellExecuteW
Sections
.text Size: 72KB - Virtual size: 72KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 26KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 25KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 220B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ