Static task
static1
Behavioral task
behavioral1
Sample
Unban.Tools Loader.exe
Resource
win10v2004-20240709-en
General
-
Target
Unban.Tools.zip
-
Size
5.0MB
-
MD5
7613827ea15445713eace7aa800f78d1
-
SHA1
5955721d3978e41956690e472bc621f16d67f148
-
SHA256
9a6870d5b1e9202e1e8808d2f432a62dcd9eb40827d909a7020282d5eb744bb2
-
SHA512
b7ea752f9de3ec3beb8139746e491bc914b530f816c16dab5aae561d60d9a44e856bbc304bf7cf09f7af523001c57b77ef09f8201b951bd6baf6e1c5223709d7
-
SSDEEP
98304:SeZ8fAq0Oz7SgThqRTvSzs47hPpA3KGF7dkeTIM0l4QZ:SV/T7xThwvSw04Kcdn8M0V
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/Unban.Tools Loader.exe
Files
-
Unban.Tools.zip.zip
Password: 112233
-
Unban.Tools Loader.exe.exe windows:6 windows x64 arch:x64
Password: 112233
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Exports
Sections
Size: 43KB - Virtual size: 100KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 12KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 512B - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: - Virtual size: 192KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 191KB - Virtual size: 192KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 2.2MB - Virtual size: 11.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 2.8MB - Virtual size: 2.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
User Agreement.txt