Static task
static1
Behavioral task
behavioral1
Sample
dff6ffa61919a2ba9480ae3de313c6de60de9906db1303dd9c5559cd169f92b5.exe
Resource
win7-20220901-en
General
-
Target
dff6ffa61919a2ba9480ae3de313c6de60de9906db1303dd9c5559cd169f92b5
-
Size
415KB
-
MD5
84545a7c0dc7de2d77056df1507c2950
-
SHA1
4af3ed9494c9c7235630b95ff666eafe8fcbeddc
-
SHA256
dff6ffa61919a2ba9480ae3de313c6de60de9906db1303dd9c5559cd169f92b5
-
SHA512
229c78817b472c09be0daaa0c161147aee8826b8bcbbb7126763c3fca5a575cb07355a8165003b6df24639fe591c91499bf6e6bf092ca7bad53a60c7a422a639
-
SSDEEP
12288:zMHxEJuBQSYiz5eVBTdwEEn1vTWVBIy3yRAi:4HxEmPz5eVBhwE6pqB3Di
Malware Config
Signatures
Files
-
dff6ffa61919a2ba9480ae3de313c6de60de9906db1303dd9c5559cd169f92b5.exe windows x86
09d0478591d4f788cb3e5ea416c25237
Code Sign
39:26:63:08:0a:d4:d6:aa:44:70:25:f9:74:91:cc:bd
Certificate
Issuer: CN=VeriSign Time Stamping Services Signer - G2
Not Before: 18/06/2011, 13:56
Not After: 31/12/2039, 23:59
Subject: CN=VeriSign Time Stamping Services Signer - G2
7c:0f:5b:d3:a5:b1:79:a5:48:7c:fc:95:35:60:c3:24
Certificate
Issuer: CN=VeriSign Time Stamping Services Signer - G2
Not Before: 18/06/2011, 13:56
Not After: 31/12/2039, 23:59
Subject: CN=ShenZhen Thunder Networking Technologies Ltd
dc:b9:55:dc:96:9a:59:3f:5b:7f:aa:c0:30:7b:bb:29:da:dc:48:a8
Signer
Actual PE Digest: dc:b9:55:dc:96:9a:59:3f:5b:7f:aa:c0:30:7b:bb:29:da:dc:48:a8
Digest Algorithm: sha1
PE Digest Matches: false
Signature Validations
Trusted: false
Verification
Signing Certificate: CN=ShenZhen Thunder Networking Technologies Ltd
28/10/2022, 15:07 Valid: false
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
Sections
.text Size: 182KB - Virtual size: 640KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 43KB - Virtual size: 44KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 512B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE