Static task
static1
Behavioral task
behavioral1
Sample
$sxr-cmd.exe
Resource
win11-20241007-en
General
-
Target
$sxr-cmd.exe
-
Size
163KB
-
MD5
ad739cf69f6437ce3d5a59ff684a32d6
-
SHA1
31629cacc22142d146c10f0147b7cc784c6268ca
-
SHA256
236e138954c9bce0ccd53f98247728e7c979df19d604a4e6f98f34ddb28fc3de
-
SHA512
f1c23fc0fd8c275db05e4f75d3c08bec7eed99424218589ce93a673087b670f166247f13b208eed5ac6e553ca98523df0c602034742cd24995779a4905dc0334
-
SSDEEP
3072:jQpsYu4jPpKh3aKHQijbK1kkRsztZaFFZJPr5Xzn7RPV8PdbbZDXIa1rr:jQpsYu4jPpKhq2Qijck4sztZaPZxrN7I
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource $sxr-cmd.exe
Files
-
$sxr-cmd.exe.exe windows:6 windows x86 arch:x86
eb3adbfdfdb25911eaec8fef643f639b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
StrNCatW
StrStrIW
StrCatW
StrCpyW
kernel32
SizeofResource
GetCurrentProcess
FindResourceA
GetModuleHandleA
LockResource
GetProcAddress
IsWow64Process
ExitProcess
GetProcessHeap
HeapAlloc
lstrlenW
HeapFree
LoadResource
advapi32
RegSetValueExW
CryptAcquireContextW
CryptGenRandom
RegOpenKeyExW
CryptReleaseContext
ole32
CoInitializeSecurity
CoCreateInstance
CoUninitialize
CoInitializeEx
oleaut32
SysFreeString
VariantInit
SysAllocString
Sections
.text Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 151KB - Virtual size: 150KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ