Static task
static1
General
-
Target
Demonfall-Dupe-Script-WorkInk-Installer_906818.exe
-
Size
6.3MB
-
MD5
62ea78a63b71a378a351cc4c1aa144fd
-
SHA1
fe3c5759a7ef5bd8200e5b752a0b7186461ce0c1
-
SHA256
7e9187e92daf00868c2383001a5dbf6bd795c476ba9a7124d878496ddd423e05
-
SHA512
a144311fb5ca01ed1f52cf677848d4f44abb276e5e9fecaa8b4b76387f1d5471b5110910325338b070740e15bb128ebdc8348cb172aa2b073b0a37520474d01f
-
SSDEEP
196608:gLr+TTlMW7v8crl5pIpmpxSVTgDKl5VJF9LlK/GJXi5l4fm4:gyTTrl4Phl5VJbl2uMl4fZ
Malware Config
Signatures
-
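Unsigned PE (1 IoC)
Checks for a missing Authenticode signature. The file listed below is unsigned, so its publisher and integrity cannot be verified from a signature; on its own this does not indicate malicious behaviour.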
resource Demonfall-Dupe-Script-WorkInk-Installer_906818.exe
Files
-
Demonfall-Dupe-Script-WorkInk-Installer_906818.exe.exe windows:6 windows x86 arch:x86
Password: dada
57c8dfcaaeb9800636e955099a8453bf
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LeaveCriticalSection
GetModuleFileNameW
GetFileType
WaitForSingleObject
FlushFileBuffers
MoveFileExW
GetCurrentDirectoryW
GetTickCount
WriteConsoleW
WriteFile
ExitThread
TlsGetValue
GetProcessHeap
FindClose
ReadFile
LoadLibraryA
GetSystemDirectoryA
InitializeCriticalSectionAndSpinCount
ReadConsoleW
HeapSize
SleepEx
GetSystemTimeAsFileTime
InitializeCriticalSection
SetEnvironmentVariableW
CloseHandle
MoveFileExA
FindFirstFileExW
GetEnvironmentStringsW
RaiseException
TlsFree
DeleteFileW
SetEndOfFile
InitializeSListHead
SetUnhandledExceptionFilter
GetModuleHandleExW
SetLastError
TlsSetValue
GetConsoleMode
GetModuleHandleW
TlsAlloc
SetFilePointerEx
GetProcAddress
WideCharToMultiByte
TerminateProcess
GetFileSizeEx
HeapAlloc
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentThreadId
GetCurrentProcess
GetFileAttributesExW
DecodePointer
FreeLibraryAndExitThread
FormatMessageA
ExitProcess
SetStdHandle
GetEnvironmentVariableA
IsProcessorFeaturePresent
LoadLibraryExW
GetModuleHandleA
GetFileInformationByHandle
GetConsoleOutputCP
WaitForMultipleObjects
IsValidCodePage
FileTimeToSystemTime
FreeLibrary
IsDebuggerPresent
EnterCriticalSection
CompareStringW
GetLastError
CreateFileA
DeleteCriticalSection
LCMapStringW
GetFullPathNameW
GetStartupInfoW
GetVersionExA
FindNextFileW
GetDriveTypeW
GetTimeZoneInformation
HeapReAlloc
GetCPInfo
GetACP
PeekNamedPipe
FreeEnvironmentStringsW
GetCurrentProcessId
GetOEMCP
EncodePointer
GetStdHandle
GetCommandLineW
UnhandledExceptionFilter
RtlUnwind
MultiByteToWideChar
Sleep
GetFileSize
CreateFileW
HeapFree
CreateThread
GetCommandLineA
SystemTimeToTzSpecificLocalTime
GetStringTypeW
user32
CreateWindowExW
TranslateMessage
SetWindowPos
GetWindowRect
DefWindowProcW
PostQuitMessage
MessageBoxW
DrawTextW
FillRect
LoadIconW
ShowWindow
GetMessageW
UpdateWindow
RegisterClassExW
RedrawWindow
GetSystemMetrics
GetClientRect
PostMessageW
DispatchMessageW
BeginPaint
EndPaint
gdi32
SetTextColor
SetBkMode
CreateSolidBrush
DeleteObject
advapi32
CryptReleaseContext
CryptGetHashParam
CryptDestroyKey
CryptCreateHash
CryptAcquireContextA
CryptEncrypt
CryptImportKey
CryptGenRandom
CryptDestroyHash
CryptHashData
RegEnumKeyExA
crypt32
CryptDecodeObjectEx
CertGetCertificateChain
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertAddCertificateContextToStore
CertCloseStore
CertEnumCertificatesInStore
CertFindExtension
CryptStringToBinaryA
CertFreeCertificateChain
CryptQueryObject
CertFindCertificateInStore
PFXImportCertStore
CertFreeCertificateContext
CertOpenStore
wldap32
ord46
ord41
ord27
ord301
ord33
ord79
ord35
ord32
ord200
ord30
ord26
ord45
ord60
ord22
ord211
ord50
ord143
ord217
ws2_32
closesocket
send
WSAGetLastError
WSACleanup
WSAStartup
recv
ntohs
getsockname
getpeername
WSASetLastError
getsockopt
setsockopt
connect
WSAIoctl
bind
htons
socket
inet_ntoa
htonl
gethostbyname
inet_addr
getservbyname
gethostbyaddr
getservbyport
accept
listen
sendto
recvfrom
select
__WSAFDIsSet
gethostname
ntohl
ioctlsocket
Sections
.text Size: 5.8MB - Virtual size: 5.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 135KB - Virtual size: 135KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 44KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 74KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ