Static task
static1
General
-
Target
VPriv (1).rar
-
Size
14.4MB
-
MD5
1269d2303cf66cf038c8362182fb8126
-
SHA1
31c2e716ce0e877436b756d47b30c083cfa1f858
-
SHA256
4cd2d50856ede786dfdf06a2259fff6d23287476d0dcaebbbff701835249af66
-
SHA512
588f59f93192a2fad44ded459df07b6704f4bfb9ed9ea5902c72e9e85d452b9f0d3f20f26b5d66679a42a0e6d6a31d9443bcdbba57c2320f2559585f51b8eb63
-
SSDEEP
393216:c5I9XfRiSiNKnPncYI8rOchqJULDshp3Ny/Dv:c5I9XfRiSiN+Pcg9wJODkp4/Dv
Malware Config
Signatures
-
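Unsigned PE (1 IoC)
Checks for a missing Authenticode signature. The flagged file is not signed, so its publisher and integrity cannot be verified from the file itself; many legitimate binaries are also unsigned, so this is a weak indicator on its own.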
resource unpack001/whocares.exe
Files
-
VPriv (1).rar.rar
-
README.txt
-
whocares.exe.exe windows:6 windows x64 arch:x64
44d0e00e343d89627fdc531e95881763
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
CheckRemoteDebuggerPresent
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress
user32
BlockInput
gdi32
CreateRectRgn
ole32
CoCreateInstance
oleaut32
SysAllocString
shell32
ShellExecuteW
d3d9
Direct3DCreate9Ex
advapi32
CloseServiceHandle
imm32
ImmGetContext
dwmapi
DwmEnableBlurBehindWindow
msvcp140
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
ws2_32
WSACleanup
urlmon
URLDownloadToFileW
ntdll
NtQuerySystemInformation
vcruntime140
_CxxThrowException
vcruntime140_1
__CxxFrameHandler4
api-ms-win-crt-stdio-l1-1-0
__acrt_iob_func
api-ms-win-crt-heap-l1-1-0
_aligned_free
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-runtime-l1-1-0
__p___argc
api-ms-win-crt-time-l1-1-0
_localtime64
api-ms-win-crt-filesystem-l1-1-0
_lock_file
api-ms-win-crt-string-l1-1-0
_strdup
api-ms-win-crt-convert-l1-1-0
atof
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
api-ms-win-crt-utility-l1-1-0
qsort
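Sections
Note: the section names below are not the usual compiler-generated names (.text, .rdata, .data), and several sections list no raw size next to a large virtual size. Together with an import table that shows only one function for most DLLs, this is consistent with a packed or protected executable, so the static import list above likely understates what the program resolves at run time.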
J@iuPP7U Size: - Virtual size: 1.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
7.f|{D.\ Size: - Virtual size: 300KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
&emMq`LH Size: - Virtual size: 61KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
%uh@a2(K Size: - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
uu.,|Z2H Size: - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
kB?(9R81 Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
L?F(.J#c Size: - Virtual size: 38B
27:b7hT1 Size: - Virtual size: 10.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
i}\)1j+v Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Rjz.^g?C Size: 16.0MB - Virtual size: 16.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
??JCAi%1 Size: 512B - Virtual size: 268B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Ua0y#tK, Size: 512B - Virtual size: 422B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ