Static task
static1
General
-
Target
Aware.exe
-
Size
31.8MB
-
MD5
bc651276530d8f43fd82dedba21d347d
-
SHA1
8edb26e9dd162915d2037bc6c63f420f82872e59
-
SHA256
fbc1ed7259cef8bcfa4f13270d4d3bce59622d7e6b90f42c0a89de874b6bb93a
-
SHA512
738c52911eadb2843474a40d7b10e2a7077487de1f4f9d57950d3149972e823f4030d18cba8af0fe7393080424732a8600802a2c5480df976bf31d3829f7653e
-
SSDEEP
786432:TkDFyVzpv0do+LJVtzZC/hAAle9mldBkflQ87v2sZ5:TkBydpbaV+Q9mldByK2u2
Malware Config
Signatures
-
Unsigned PE 1 IoCs
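The sandbox's static check found no Authenticode signature on this PE file. On its own this is a weak signal, since many legitimate executables are also unsigned; weigh it together with the header, import and section data below.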
resource Aware.exe
Files
-
Aware.exe.exe windows:6 windows x64 arch:x64
94b1798f7c54d69704410a7db059773b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
d3d11
D3D11CreateDeviceAndSwapChain
d3dcompiler_43
D3DCompile
kernel32
RtlCaptureContext
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
SetCursorPos
advapi32
IsValidSid
safeguard
?displayMessageBox@SafeGuardSDK@SafeGuard@@QEAAXW4StatusCode@2@@Z
imm32
ImmReleaseContext
msvcp140
?width@ios_base@std@@QEBA_JXZ
dwmapi
DwmExtendFrameIntoClientArea
d3dx11_43
D3DX11CreateShaderResourceViewFromMemory
normaliz
IdnToAscii
wldap32
ord41
crypt32
CertOpenStore
ws2_32
select
shlwapi
PathFindFileNameW
rpcrt4
RpcStringFreeA
psapi
GetModuleInformation
userenv
UnloadUserProfile
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__current_exception_context
api-ms-win-crt-stdio-l1-1-0
__acrt_iob_func
api-ms-win-crt-utility-l1-1-0
rand
api-ms-win-crt-string-l1-1-0
tolower
api-ms-win-crt-heap-l1-1-0
malloc
api-ms-win-crt-runtime-l1-1-0
_wassert
api-ms-win-crt-convert-l1-1-0
strtoul
api-ms-win-crt-filesystem-l1-1-0
_unlock_file
api-ms-win-crt-time-l1-1-0
_time64
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-locale-l1-1-0
___lc_codepage_func
shell32
ShellExecuteA
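Sections
Section names are listed as reported in the PE header; "Size: -" means no raw size is shown for that section. Non-standard section names, together with sections that have a large virtual size but no raw size, are commonly seen in packed or protected binaries; this report does not identify a packer.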
xV*n"".1 Size: - Virtual size: 840KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
a!P#3IGc Size: - Virtual size: 206KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
>c=\G5Sf Size: - Virtual size: 772KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UxDZvSZc Size: - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
q.MZGe)1 Size: - Virtual size: 21.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
zhe+Yms. Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
nqQ)Dbx* Size: 31.8MB - Virtual size: 31.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
]u8D_)M] Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ