Static task: static1
Behavioral task: behavioral1
Sample: PayPall_Gift10$.exe
Resource: win7-20220331-en
Behavioral task: behavioral2
Sample: PayPall_Gift10$.exe
Resource: win10v2004-20220331-en
General
Target: PayPall_Gift10$.exe
Size: 2.5MB
MD5: afcc9432a35bcd5fb2cb4d003e88d812
SHA1: 5e9d2898b4f4172efa0cff2e1aba62eb990cd3a7
SHA256: 283bd00e86dca8c2a389445ce8b695cf5545655bb99b8798e1c70f7a199b1ae3
SHA512: 435022ffc51617b6de5ef3ee27b6f514392e6fb4c17e688e5390f25532c7a6cad7bf8a53050814dcca6c3e14be7c51ea364bb20c60633f764acae1cdb42205cd
SSDEEP: 49152:jaV2I/iz18uEu7TAJRxbZc5OAzoJPy8ro:jafizmuEuHqbe5kc8ro
Malware Config
Signatures
Files
PayPall_Gift10$.exe.exe windows x64
05e4ef8ba47d6d3b41a3cd7e41013f55
Code Sign
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ws2_32
bind
closesocket
connect
WSACleanup
WSAStartup
getsockname
ioctlsocket
shutdown
recv
getnameinfo
freeaddrinfo
getaddrinfo
getservbyname
gethostbyname
ntohs
inet_ntoa
htons
WSASetLastError
sendto
send
recvfrom
WSAGetLastError
socket
setsockopt
listen
getsockopt
accept
bcrypt
BCryptGenRandom
kernel32
DeleteCriticalSection
HeapReAlloc
HeapSize
GetTimeZoneInformation
GetStringTypeW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
FlushFileBuffers
SetFileAttributesW
GetFileAttributesExW
MultiByteToWideChar
GetFullPathNameW
GetCurrentDirectoryW
GetFileSizeEx
HeapFree
HeapAlloc
SetStdHandle
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetLastError
SetLastError
GetSystemTime
SystemTimeToFileTime
FormatMessageA
VirtualAlloc
VirtualProtect
GetProcAddress
LoadLibraryA
GetEnvironmentVariableW
WideCharToMultiByte
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
EncodePointer
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
GetFileType
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
ExitProcess
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
CloseHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ReadFile
SetFilePointerEx
GetConsoleMode
ReadConsoleW
WriteFile
GetConsoleOutputCP
OutputDebugStringW
CompareStringW
LCMapStringW
Sections
.text Size: 1.9MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 365KB - Virtual size: 365KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 219KB - Virtual size: 236KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 75KB - Virtual size: 74KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 21KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ