Static task
static1
General
-
Target
build.rar
-
Size
24.2MB
-
MD5
1ba6ea97b25088fa2798ee5397833358
-
SHA1
a2412d5ab5cefdcb370c1e45e25e135b84972d2a
-
SHA256
786ab3315dfe7fa67c9e5cb5a0b9633ae9172b4cac3e23a661592b13e46ab7c8
-
SHA512
5f6f71424dd53ab7f14c8f0fe734931c84d851bb4b8bd9fa2a8c9b27cc98e7cd3f9869feda9c84ce05e0fca3ac35ed85569a227e6c583b34b56ff52a7471890b
-
SSDEEP
393216:Kny5Jfa8SuVbWyeQDSdOWAHLw1CxClxR7G38kyuTQsMIdNoHXjrECMTLoZHx74LC:fy0pDSFAHUEWxdRkyOBNoHzrE1LMx74G
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/build/b.exe
Files
-
build.rar.rar
Password: a
-
build/b.exe.exe windows:6 windows x64 arch:x64
Password: a
a4c0f90052636f585f48b8270d36d0f5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
libssl-3-x64
SSL_connect
libcrypto-3-x64
OPENSSL_sk_value
user32
FindWindowA
ole32
CoCreateGuid
advapi32
CryptDestroyKey
msvcp140
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
ws2_32
__WSAFDIsSet
crypt32
CertFreeCertificateChain
kernel32
WakeAllConditionVariable
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress
shell32
ShellExecuteA
shlwapi
PathFindFileNameW
psapi
GetModuleInformation
userenv
UnloadUserProfile
bcrypt
BCryptGenRandom
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__current_exception
api-ms-win-crt-runtime-l1-1-0
_get_initial_narrow_environment
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-stdio-l1-1-0
_read
api-ms-win-crt-string-l1-1-0
_wcsicmp
api-ms-win-crt-time-l1-1-0
_localtime64
api-ms-win-crt-convert-l1-1-0
atoi
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-heap-l1-1-0
calloc
api-ms-win-crt-filesystem-l1-1-0
_unlock_file
api-ms-win-crt-locale-l1-1-0
localeconv
api-ms-win-crt-environment-l1-1-0
getenv
Sections
.text Size: - Virtual size: 1.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 355KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.SERENE0 Size: - Virtual size: 17.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.SERENE1 Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.SERENE2 Size: 29.0MB - Virtual size: 29.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
build/workspace/Settings.txt