?timeToReadableString@SDK@@QEAA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_J@Z
Static task
static1
General
Target: spoofer.exe
Size: 45.1MB
MD5: 6f21952c383a5e28ea6870a5df7e68db
SHA1: 7bb2596b1627f691c78814fdc8e9932e900296e9
SHA256: 20dc8db6905fd4fed9bc5f988c4bff0775d3cb182719abe0bf91844b7bf04262
SHA512: f6e2428cd63e8fbf6e395b38ec9eb9fec3d83ced4585e52fe5730c421538540dd5b9666dde17cf276c3da8ad29eee2a22e309577fde9155c1ffc9daf2cff021f
SSDEEP: 786432:hkyYhI0l0iuW7IiPXyzEBDW/M8BH3YzbIEkvJN7YIsLvTDK1Bj:ohD0/zkWbKXIEkvPZwrm1p
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource spoofer.exe
Files
spoofer.exe.exe windows:6 windows x64 arch:x64
dbdc557059880d78ea0fe45e8ef39f8f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
d3d11
D3D11CreateDeviceAndSwapChain
d3dcompiler_43
D3DCompile
kernel32
WaitForSingleObject
user32
GetCursorPos
advapi32
RegOpenKeyExA
ole32
CoUninitialize
oleaut32
VariantClear
safeguard-lib
?isSessionValid@SDK@@QEAA_NXZ
secureenginesdk64
ord503
winmm
PlaySoundA
msvcp140
??Bid@locale@std@@QEAA_KXZ
imm32
ImmSetCandidateWindow
dwmapi
DwmExtendFrameIntoClientArea
d3dx11_43
D3DX11CreateShaderResourceViewFromMemory
winhttp
WinHttpReceiveResponse
ntdll
RtlCaptureContext
wlanapi
WlanEnumInterfaces
bthprops.cpl
BluetoothFindRadioClose
iphlpapi
GetAdaptersInfo
vcruntime140_1
__CxxFrameHandler4
vcruntime140
_CxxThrowException
api-ms-win-crt-stdio-l1-1-0
fgetc
api-ms-win-crt-utility-l1-1-0
srand
api-ms-win-crt-string-l1-1-0
strncpy
api-ms-win-crt-heap-l1-1-0
_set_new_mode
api-ms-win-crt-runtime-l1-1-0
terminate
api-ms-win-crt-convert-l1-1-0
strtol
api-ms-win-crt-filesystem-l1-1-0
_unlock_file
api-ms-win-crt-time-l1-1-0
_localtime64
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-math-l1-1-0
fmodf
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Exports
Sections
.text Size: - Virtual size: 1.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 263KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.romania Size: - Virtual size: 32.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.romania Size: 1024B - Virtual size: 568B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.romania Size: 45.1MB - Virtual size: 45.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ