Resubmissions
02-08-2024 14:17
240802-rl1eaaxelk 6 Static task
static1
General
Target
launcher.exe
Size
6.4MB
MD5
ea475a8eb597c8f86044e198dd89b809
SHA1
c9decf3afc3816939daa8a6ff5150da84681931d
SHA256
efc98d602e9814e47677a212b6fcb7f3d8b1d662c1472ee1a0ecacda23d3cbb5
SHA512
9c5d193c6dad23cbe41b6ab4022a9aef089e246b7959c8f8b666442a5228f7ea0882e7b303b7a899e54b86b47d57bee835d9d60480016a17f042ca14a1d61528
SSDEEP
49152:RCR0pLouHDiMLjpuXesNECKUMfO8Fg8y2U5YTpmR70P0Lk/1MDiSmldhNMtl3oMS:q0pLou7LjpeLhF5WMwNMt
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource launcher.exe
Files
launcher.exe.exe windows:6 windows x64 arch:x64
0ff48c05cfe606fb137a514976b23d50
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
Sleep
DebugActiveProcessStop
SetErrorMode
GetModuleHandleA
GetModuleFileNameA
GetCurrentProcess
GetACP
MultiByteToWideChar
CreateThread
GlobalAlloc
GlobalUnlock
WriteConsoleW
VirtualAlloc
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
SetThreadPriority
DeleteFileW
GetTimeZoneInformation
LoadLibraryW
HeapSize
WaitForSingleObject
GlobalLock
FreeResource
SizeofResource
SetStdHandle
HeapReAlloc
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapAlloc
HeapFree
LockResource
ReadConsoleW
SetEndOfFile
GetProcessId
GetConsoleMode
WriteFile
GetModuleFileNameW
SetFilePointerEx
FreeLibraryAndExitThread
ExitThread
GetModuleHandleExW
ExitProcess
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetStartupInfoW
IsDebuggerPresent
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetFileSizeEx
CreateFileA
VerifyVersionInfoW
VerSetConditionMask
WaitForMultipleObjects
PeekNamedPipe
GetFileType
GetEnvironmentVariableA
WaitForSingleObjectEx
MoveFileExA
GetTickCount
QueryPerformanceCounter
LoadLibraryA
FreeLibrary
GetSystemDirectoryA
QueryPerformanceFrequency
SleepEx
FormatMessageW
SetLastError
LoadResource
FindResourceW
GetModuleHandleW
GetProcAddress
CreateDirectoryW
CreateFileW
CloseHandle
GetLastError
ReadFile
GetStdHandle
GetCurrentProcessId
GetConsoleCP
FormatMessageA
WideCharToMultiByte
GetStringTypeW
GetCurrentDirectoryW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
SetFileInformationByHandle
SetFileTime
AreFileApisANSI
MoveFileExW
GetFileInformationByHandleEx
LocalFree
GetLocaleInfoEx
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
LCMapStringEx
GetCPInfo
RtlUnwind
user32
CloseClipboard
GetShellWindow
ShowCursor
SetWindowDisplayAffinity
SetWindowPos
SetForegroundWindow
SetDebugErrorLevel
IsWindowVisible
GetCursorPos
SetCapture
ReleaseCapture
DefWindowProcW
PeekMessageW
SetCursor
MessageBoxA
GetKeyState
MessageBoxW
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
GetForegroundWindow
PostQuitMessage
gdi32
SetBkColor
CreateCompatibleDC
advapi32
CryptEncrypt
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
OpenThreadToken
OpenProcessToken
CryptImportKey
CryptDestroyKey
shell32
SHGetKnownFolderPath
ole32
CoInitializeEx
PropVariantClear
CoUninitialize
CoTaskMemFree
CoCreateInstance
oleaut32
VariantClear
SysAllocString
VariantInit
SysFreeString
d2d1
ord2
ord1
dwrite
DWriteCreateFactory
winmm
timeGetTime
normaliz
IdnToAscii
ws2_32
send
WSACloseEvent
WSACreateEvent
gethostname
ioctlsocket
sendto
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
closesocket
recvfrom
freeaddrinfo
getaddrinfo
listen
htonl
accept
WSAGetLastError
recv
bind
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSASetLastError
WSAIoctl
WSAStartup
WSACleanup
__WSAFDIsSet
select
WSAEnumNetworkEvents
wldap32
ord217
ord46
ord211
ord60
ord45
ord143
ord30
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord50
ord200
ord301
ord79
crypt32
CertFreeCertificateContext
CertOpenStore
CryptStringToBinaryA
CertEnumCertificatesInStore
CertFindCertificateInStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertCloseStore
PFXImportCertStore
Sections
.text Size: 3.0MB - Virtual size: 3.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 233KB - Virtual size: 232KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 44KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 3.1MB - Virtual size: 3.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ