Static task
static1
General
-
Target
Auxia.zip
-
Size
22.5MB
-
MD5
3381a4e1a8fba70f42bfc792eb06d9cb
-
SHA1
3e98771002244735c8be26a2b7f71812a945b089
-
SHA256
c8baf97bed6b5efe86ee9c326f58f34cba6789ae96bae07091942706525463c6
-
SHA512
47e1e8b00b2a359a97c3900424ab98315dedb04f005bc0c03efbe96112581b1bf71f78d4484abb84609c75b2a34899822527fdb671173d82c50347ca86a214f5
-
SSDEEP
393216:Z8D15mbiMZub5UDwKoLATagjS9UG8Ba8/7N4ckRyxpJPYzkywGr0nvzi/MOAjWx:Z8DTbn5QwxUfzBn4ckoxjwMWwzi/VAjk
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/client.exe
Files
-
Auxia.zip.zip
-
client.exe.exe windows:6 windows x64 arch:x64
4f510d2d8c30386b4d5d40d055aff74b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
d3d9
Direct3DCreate9
d3dx9_43
D3DXCreateTextureFromFileInMemoryEx
kernel32
WaitForMultipleObjects
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
MoveWindow
gdi32
CreateSolidBrush
advapi32
CryptEncrypt
shell32
SHGetFolderPathW
msvcp140
_Query_perf_frequency
urlmon
URLOpenBlockingStreamA
ntdll
NtQuerySystemInformation
imm32
ImmReleaseContext
dwmapi
DwmExtendFrameIntoClientArea
normaliz
IdnToAscii
wldap32
ord60
crypt32
CertGetCertificateChain
ws2_32
getaddrinfo
rpcrt4
UuidCreate
psapi
GetModuleInformation
userenv
UnloadUserProfile
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__current_exception_context
api-ms-win-crt-runtime-l1-1-0
exit
api-ms-win-crt-stdio-l1-1-0
fgetc
api-ms-win-crt-heap-l1-1-0
malloc
api-ms-win-crt-filesystem-l1-1-0
_wremove
api-ms-win-crt-environment-l1-1-0
_dupenv_s
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-string-l1-1-0
_stricmp
api-ms-win-crt-time-l1-1-0
_time64
api-ms-win-crt-convert-l1-1-0
strtod
api-ms-win-crt-math-l1-1-0
cosf
api-ms-win-crt-locale-l1-1-0
___lc_codepage_func
Sections
.text Size: - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 350KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: - Virtual size: 54KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.`^^ Size: - Virtual size: 15.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.M_| Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.X$G Size: 26.2MB - Virtual size: 26.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
notify.vbs
-
update.bat.bat .vbs