̪�$Y-�`ht ^����b��$�쬮���;���N*��1��R��MZ1_�|��+k���6�_Oyi�Ē�c��w��8V1Vq �ޗΈ�}��.P����I���O�(���r��mA�b��#R��`=�%��?|�""��T���w��x���&���Z��t�P�r$H�"^G�Z�����aԠuY�ϻ��~lD'k�l�̧XQ,}f��W�� �^�V-f���I �2�up��o XVF�����'-��,Ib� D�1f� .�=�W��z&���U�����6��Y��g˫���Ge�?���1X��/t��H{��)�{D�4�;$(��z\�i' K������LF�u����{���,|�˺���3��0��-gz�~����"�K��'��d����{ ZkD�:;��ьZR�O�v����+�⠛G����^���<XV�9�O5lZ��&�wI 6�C�d��Ѧ��ѫ:����p ����h�R�'�b�>k��'$�v%w�_�� ��@��0�85�r,�����n��{�����VR}ŶzzU�4c�ʞ� PY�C�@�ų��5�=��VI��N/����l8^�ٖ;cG�)H�%�X��R<YΌ��{hQO2nT?�ܩ��߅��#u3�+�(h?�>a�U2|����\����裳�~^f��'����������Ή��Oi4�� �aѶ�Ѿ\��� ɰo�@�LU���5�7���]���7 =V9��{C4�hz��<;ij�Cbw"�P�n��t���g'K&��x (0�h�E�1L�]�O`ݰ�H֔�]�{���̨�����R��2��k��#�l�3S���^��t�ju�̄r,˴� `/Mz�����sT��W ދ���,��o���!��ϖR6�%�!:thmjr�8!2�< {R�q�6y촥���ҒaB����̣���$�Abn߀�o������x�$�&ނ����!: �:B-������������]�w?��*�{B��"�#�U�/����:G`�V�2�ot5��&FRd�C��tw�K��*�):�0��j)!�������w���I��;L4T��]�:C������BX2G��:���$� ���Ҿ�7���|��4�����Ӫ�|�a H4�����lj���rl�"�z`z������)e�s�8VT�)��#�:�P(J������L�R�Swo�ζn��֖�+��,��ї�*��f>!�cJ���X�$k�,�h�[>T�/��s���K��#|�����㎊e�˖��7M�����V]x�t�쟴��}���yg����(F�q�ydS���s���l�r�h��D��5��܀��@���t���?~�!�������7罴�91'Y�M��D�7���ő$�Q@- K���,٘��������R��%���H��؉��k�a������Lށ��NN���y?�Z��ڄ��&�����L�)6���{838��ܦ���-�����9�nVD�C����60�f`)������>���dkH��P� ��? 
{���P��o$�����/5H�A4/mє=Xw��ԿM'AK�e�}���w�!3_�}��=�B@��� ��k�_�訽�uKr|�f�B��W�:�I�+���?d�vZ7x��c��l.��@+�� OL�7��Ŀ��ֻ��r����1���˅�`o��CE�\AΊ.�KRC�hj�Ń�.�?�G� ���d1�����<9�����ڳ�R�Ugb�i����0H?#���ϢSL��4k��m��3ڭ�'�hee}�� ˅���S�I��쳘�B���E)3�a���$8�k�WYC<�$���xE�m��������%�s�:���a g�ε���ZK B��4����x?&�9Ws ]R�� ������c�e,\�z�,���h �A��lr��y�� ��5�)e[���=���|pYf�N^�n�qM���6�)��^Dxh�����6u����3,�zM�n�����)��6���5=��I�4˟ ��qU�Z�F���g$EX��)�A) p(����u��`�'�<��C���^��,�4ޅ����2{� o!��@Tq��5i ۢ�glb�9��C+`�0D+�)�HU/� �9tʌ(K�bci��������Jv�B��#�����˨l�nx�%�e�PO" S̏���d���/>pz'�}�����K�7+�J��5t��VJ��\�Vp��~^ɢp{K0~3 �v.��K���x^h�� ���i��i�e�Wr����Q���x��ya�u>�A<��*���:A�L���~�4ȪC��_�>ۈ�Vϖ�W�+�;���)"i��h=P^#v�2�T�1�g����������gl p$���?j� ��/Ϝ�?Yƒ���>�_W �A�Y�/ 7���=�l2N���0���6\4��|�h�*��<����Q�rI�GT:5�r\$�T�߈�1�Ѯs�p��X�Q�"yR� Wݢ������n�O��p����`��F�0oZ�$�9�J8���w��R�Ud��w����D� c^s#�� ���u��V+Q`��O�����N^ז8g=H� �kn�<5�?�T���cm(N��³*�7,pa\�Mx�^Muwmj<a��y/Bu$�s1]+0�����B���b��5i�(�?�]��6}�M�����6�����c��M�҃4���iW���>y͠�F�͂M�\�+��XTCB�q�H�7�Ǹ_���`�6�or�/bLn��[�ZjJ�ѐ��[.�N ���}X���O���psQ3ノX*.N��������u�M��p�vɏ"6@�F�WUj��[��c�Xlik��%��cR���"� VV����[��#��f�)rx#{�<;`���Ljr���26L��m'������K�w;,���6��-3��!�+�/������T8++��97�Y�/F�o"%r֏��|1 ���v��5^y�%[��&D���x~�� &�l�h�o���� 6s���������X��ˢ�c���`�㾦C����_��9���*��{(�;%7\P���s��ڙ�-�o¬R�|o��d�-� ��VUQtD�6m'�2�%C�И���ѼdG~��S�?�x7�/.�핢�f��2o.0�)���cW'��ڏ��߶|�~j�#ن�牭����� L95�QA�+^���L��=Y$�5�x��"��M��U{�@g�';z{�r
Static task
static1
General
-
Target
HwidSpoofer.exe
-
Size
10.6MB
-
MD5
65aabd9125a89fca26afa46b03f0b443
-
SHA1
158539e69c5b9a89e920c4c3a8663a2d834ba829
-
SHA256
55322ec17470fd1146269ae4443d6fa1a527ae9591d328a6c033f5987b520769
-
SHA512
ebf62377a88b736f6985a8b524cd1bd6a5a2ab319b548d613a21e8d517cf61f22439a84575b367208ec6449f252696d4bff493eb59ed87b79cf4f22b6e1befa3
-
SSDEEP
196608:54tAcRPhZLzp2qBZT+6lKLIzkJKf+IP6NFGngWd5srJ0fB:5CPTp2qj+l8+psgWd2rQ
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature: the PE is unsigned, so its publisher and integrity cannot be verified from a signature.
Processes:
resource HwidSpoofer.exe
Files
-
HwidSpoofer.exe.exe windows:4 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
Exports
Exports
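Sections (all six sections listed below are flagged executable, readable and writable, and only .rsrc is shown with a name; writable-and-executable sections, together with raw sizes far smaller than virtual sizes, are often seen in packed or protected executables, though this report does not confirm a packer)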
Size: 7.5MB - Virtual size: 7.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 512B - Virtual size: 120KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 112KB - Virtual size: 120KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 274KB - Virtual size: 11.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 2.7MB - Virtual size: 2.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE