Static task
static1
General
Target: b77bcfb036f5a6a3973fdd68f40c0bd0b19af1246688ca4b1f9db02f2055ef9d.7z
Size: 173KB
MD5: 8a781c7714bd10c017617622a90d6176
SHA1: 4a52bd8618eab0e1e6733c15f94ff0c23c7c4dba
SHA256: 1f7ea2f3b03d1e6878aa89e2cc4f0063d226564743ce9c80393e2ca47cc98d39
SHA512: cde881660b067e7027a0241b9ec813883d891173cae383185dc7ef80c8399dbd00b1364cabb8c786ec0ca44a1a3e91bde94ee405d4cc46c71a1e2e5e69bf0844
SSDEEP: 3072:bDKNtcQf78kS2PeduxSs/DVxM0preEVAXDT0dxxnu5r+fHm/EDQNgnwE8:bD+Lf7JSmMceiAXDT0d0ENDcgwE8
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: unpack001/b77bcfb036f5a6a3973fdd68f40c0bd0b19af1246688ca4b1f9db02f2055ef9d
Detects 7zip archives (1 IoCs)
Detects 7zip archives.
resource: yara_rule sample enc_7zip
Files
b77bcfb036f5a6a3973fdd68f40c0bd0b19af1246688ca4b1f9db02f2055ef9d.7z.7z
Password: infected
b77bcfb036f5a6a3973fdd68f40c0bd0b19af1246688ca4b1f9db02f2055ef9d.exe windows:5 windows x64 arch:x64
4ae6125b79ed77df0f9302b1b2846ea8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
user32
EndPaint
DestroyWindow
TranslateAcceleratorW
GetMessageW
PostQuitMessage
DialogBoxParamW
LoadCursorW
BeginPaint
TranslateMessage
LoadAcceleratorsW
RegisterClassExW
LoadIconW
EndDialog
LoadStringW
ShowWindow
CreateWindowExW
UpdateWindow
DefWindowProcW
MoveWindow
DispatchMessageW
gdi32
GetStockObject
kernel32
CompareStringW
FlushFileBuffers
CreateFileW
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadLibraryW
EnterCriticalSection
GetStringTypeW
SetHandleCount
DeleteFileW
GetTickCount
WaitForSingleObject
GetSystemDirectoryW
ExitProcess
CreateMutexW
SetErrorMode
LoadResource
GetLastError
CloseHandle
GetCommandLineW
GetStartupInfoW
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
HeapFree
HeapAlloc
HeapReAlloc
ExitThread
ResumeThread
CreateThread
RaiseException
RtlPcToFileHeader
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
WriteFile
GetStdHandle
GetModuleFileNameW
RtlUnwindEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
HeapSetInformation
GetVersion
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WideCharToMultiByte
GetTimeZoneInformation
Sleep
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
MultiByteToWideChar
LeaveCriticalSection
Sections
.text Size: 214KB - Virtual size: 213KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 59KB - Virtual size: 59KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 168KB - Virtual size: 167KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ