Static task
  static1

Behavioral task
  behavioral1
  Sample: blocker.exe
  Resource: win7-20240708-en

Behavioral task
  behavioral2
  Sample: blocker.exe
  Resource: win10v2004-20240802-en
General
  Target: blocker.exe
  Size: 5.6MB
  MD5: 872b0fa8c0306040f181d08c5d7a252b
  SHA1: a08cf74361c96aa4d7e4503af6563c63b95f1973
  SHA256: 3a5576c4e7d9ed56cc295fea24ef0fa68cf4235dfefa434caa32015887e757c3
  SHA512: 23d8610ac8bfcb68695b652dd8d35edcc5f17994c90966ef0cabf11489d983cc852dd8e6d36ec85c78ec6f63cb6a7b21238a6d9687494f3ef99bc7ca86a4a277
  SSDEEP: 98304:GRx4heu/+/tswG+PJPigEtVTH41ZE6HqM/aZeOO4wZivrH/LXmfI1ZWQpy:GL4gy+/tbG+PJa3txT6KKaLbwZivrjdJ
Malware Config

Signatures
  - Unsigned PE (1 IoC): checks for missing Authenticode signature.
    Processes: resource blocker.exe

Files
  - blocker.exe.exe  windows:6  windows x64  arch:x64
    51235326a5333254d9a2e7b5ce26509f
Headers
  DLL Characteristics:
    IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
    IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
    IMAGE_DLLCHARACTERISTICS_NX_COMPAT
    IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
  File Characteristics:
    IMAGE_FILE_EXECUTABLE_IMAGE
    IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
  kernel32: UnmapViewOfFile, GetVersion, LocalAlloc, LocalFree, GetModuleFileNameW, ExitProcess, LoadLibraryA, GetModuleHandleA, GetProcAddress
  user32: GetWindowThreadProcessId, CharUpperBuffW
  advapi32: CryptDestroyKey
  shell32: ShellExecuteA
  msvcp140: ?always_noconv@codecvt_base@std@@QEBA_NXZ
  wininet: InternetOpenUrlA
  normaliz: IdnToAscii
  wldap32: ord79
  crypt32: CertFreeCertificateChain
  ws2_32: WSAGetLastError
  rpcrt4: RpcStringFreeA
  psapi: GetModuleInformation
  userenv: UnloadUserProfile
  vcruntime140_1: __CxxFrameHandler4
  vcruntime140: __std_exception_destroy
  api-ms-win-crt-runtime-l1-1-0: _initialize_narrow_environment
  api-ms-win-crt-stdio-l1-1-0: fseek
  api-ms-win-crt-heap-l1-1-0: free
  api-ms-win-crt-filesystem-l1-1-0: _lock_file
  api-ms-win-crt-utility-l1-1-0: rand
  api-ms-win-crt-math-l1-1-0: _dclass
  api-ms-win-crt-time-l1-1-0: strftime
  api-ms-win-crt-convert-l1-1-0: strtod
  api-ms-win-crt-locale-l1-1-0: ___lc_codepage_func
  api-ms-win-crt-string-l1-1-0: strncmp
Exports
Sections
  Name    Raw size  Virtual size  Characteristics
  .text   -         456KB         IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
  .rdata  -         111KB         IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .data   -         10KB          IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  .pdata  -         19KB          IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .lol0   -         3.6MB         IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
  .lol1   5KB       4KB           IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  .lol2   5.6MB     5.6MB         IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
  .reloc  512B      212B          IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .rsrc   512B      480B          IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ