Static task
static1
General
Target: X-Ripper.exe
Size: 120KB
MD5: b5c92a11d9b24ef3a5aea361243b9357
SHA1: e49c338a2463aab79f9457a5314a3ba2631b1e7f
SHA256: eeb3e2a3e619ccf1394c61b15a9f97222e893a2c3ecf4fdc76d0001b0a435b2e
SHA512: 3a0bb4abefa937a5da632076af0bd144bfbb6cc7a91129104e106b4d002f935010bb5a7f614a5340e6c8415fcc5d25080a145dcc28b6498567b7a371e3564d15
SSDEEP: 1536:EOEoX2p3Ptn3CYtMFGopUSmxivVY9iM2pTwMMtE5PhjUiIax:sA21tnDmFGoE4dlMsMMMtaPhjUd
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource X-Ripper.exe
Files
X-Ripper.exe.exe windows:4 windows x86 arch:x86
Password: hi
268d39ef29f1c5f01bfec84b76509c36
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
DeleteFileA
WriteFile
CloseHandle
ReadFile
SetFilePointer
GetFileSize
CreateFileW
CreateFileA
GetPrivateProfileStringA
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetOEMCP
GetACP
DeleteFileW
FlushFileBuffers
SetStdHandle
HeapReAlloc
GetCommandLineA
MultiByteToWideChar
RtlUnwind
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
GetDiskFreeSpaceExA
GetCPInfo
GetDriveTypeA
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
SetEndOfFile
HeapAlloc
GetLastError
HeapFree
GetProcAddress
ExitProcess
SetCurrentDirectoryA
GetCurrentDirectoryA
VirtualAlloc
GetVersionExA
GetVersion
GetStartupInfoA
GetModuleHandleA
user32
SendMessageA
DialogBoxParamA
SetWindowLongA
LoadImageA
PeekMessageA
TranslateMessage
DispatchMessageA
InvalidateRect
UpdateWindow
CallWindowProcA
SetClassLongA
GetDlgItem
SetWindowTextA
SetWindowTextW
EndDialog
EnableWindow
ShowWindow
GetSystemMenu
EnableMenuItem
MessageBoxA
SetFocus
LoadIconA
GetDC
LoadCursorA
gdi32
GetDeviceCaps
DeleteObject
comdlg32
GetOpenFileNameW
GetOpenFileNameA
shell32
SHGetPathFromIDListW
SHGetPathFromIDListA
ShellExecuteA
SHBrowseForFolderA
SHBrowseForFolderW
ole32
CoInitialize
comctl32
ImageList_ReplaceIcon
ord17
ImageList_Create
shlwapi
PathIsDirectoryA
Sections
.text Size: 44KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 64KB - Virtual size: 63KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ