Static task
static1
General
Target: unarc.exe
Size: 209KB
MD5: 99a7a301a29441db95bf25f2d6e7037d
SHA1: f4a32d76aa2d5e77c6632769f5fe3ea95669c47b
SHA256: 3b7a0ef0ca48ff2c3d9511303003bb778df7842c5e782e9d9443d400b67eb791
SHA512: e1ccb8ee5f4a659e73293d120431d73699aabb92e5728c1a32aa36c897c945b59dd251695275808da1ebf80ecac368110f3e3e460c78aafa70cef6e9b471da70
SSDEEP: 6144:AzfSuP18PD8rP/C0SGIBXnnEmIPIAGfeC0fn0DmZHEPAE:ifSEPkEmIZw
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unarc.exe
Files
unarc.exe.exe windows:4 windows x86 arch:x86
90d9d707df05ee9dfd38b12bc913503a
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
advapi32
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
kernel32
AddAtomA
CloseHandle
CreateEventW
CreateFileW
CreateProcessW
CreateSemaphoreA
CreateSemaphoreW
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FindAtomA
GetAtomNameA
GetCommandLineW
GetConsoleTitleW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetExitCodeProcess
GetFileAttributesW
GetLastError
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetProcessTimes
GetProcessWorkingSetSize
GetStartupInfoW
GetSystemInfo
GetTempPathW
GetThreadPriority
GetThreadTimes
GetTickCount
GlobalMemoryStatus
GlobalMemoryStatusEx
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
LoadLibraryW
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseSemaphore
ResetEvent
SetConsoleTitleW
SetEvent
SetFileAttributesW
SetFileTime
SetLastError
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SystemTimeToFileTime
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualAlloc
VirtualFree
WaitForSingleObject
lstrlenW
msvcrt
_close
_read
_stricmp
_write
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_beginthreadex
_cexit
_filelengthi64
_flsbuf
_iob
_isctype
_lrotr
_lseeki64
_onexit
_pctype
_setmode
_waccess
_wmkdir
_wopen
_wremove
_wrename
_wrmdir
abort
atexit
calloc
exit
fprintf
free
gets
gmtime
localtime
longjmp
malloc
memchr
memcpy
memmove
memset
printf
puts
qsort
realloc
signal
sprintf
sscanf
strcat
strchr
strcmp
strcpy
strftime
strlen
strncmp
strncpy
strstr
tolower
wcschr
wcscmp
wcscpy
wcslen
wcsrchr
ole32
CoInitializeEx
shell32
CommandLineToArgvW
SHGetFolderPathW
ShellExecuteExW
user32
CharToOemW
ExitWindowsEx
GetActiveWindow
GetCapture
GetCaretPos
GetClipboardOwner
GetClipboardViewer
GetCursorPos
GetDesktopWindow
GetFocus
GetInputState
GetMessagePos
GetMessageTime
GetOpenClipboardWindow
GetProcessWindowStation
OemToCharW
Sections
.text Size: 183KB - Virtual size: 182KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 741KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE