Static task
static1
Behavioral task
behavioral1
Sample
4c29e07e6f1042f6abfddab9d2bc0c7ea18ec6061b3b75c7cfd45823f1ed8583.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
4c29e07e6f1042f6abfddab9d2bc0c7ea18ec6061b3b75c7cfd45823f1ed8583.exe
Resource
win10v2004-20220812-en
General
Target
4c29e07e6f1042f6abfddab9d2bc0c7ea18ec6061b3b75c7cfd45823f1ed8583
Size
160KB
MD5
7c4041b2504eb7b106289eeeb8909efb
SHA1
45d4dab986952542b83b2a664042897c7ea599e7
SHA256
4c29e07e6f1042f6abfddab9d2bc0c7ea18ec6061b3b75c7cfd45823f1ed8583
SHA512
c359ea0416fcca3defdeab34db558af7d4541a5c87717d9ac89f21cbd8009859a97265064d89ce9a76088071f6828a728cfdf282d30111b1ea0024f1192edeab
SSDEEP
3072:xEzK8LaqEIeLxOXke0cLXpXGelv0zFc1KfXW8en4UNjwZvzjJYSs:CZexOUeboe2BJu144YzjJC
Malware Config
Signatures
Files
4c29e07e6f1042f6abfddab9d2bc0c7ea18ec6061b3b75c7cfd45823f1ed8583.exe windows x86
364afe9e11ed251e77df2d540a70d78c
Code Sign
1d:d4:4d:47:8d:21:35:81:4a:3a:1f:38:d2:54:49:9c
Certificate
Issuer: CN=Root Agency
Not Before: 06/11/2012, 21:21
Not After: 31/12/2039, 23:59
Subject: CN=test-ipv6.com
79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate
Issuer: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before: 01/05/2012, 00:00
Not After: 31/12/2012, 23:59
Subject: CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 04/12/2003, 00:00
Not After: 03/12/2013, 23:59
Subject: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
30:c1:f9:14:2c:85:4d:db:6c:d7:a4:48:9e:6b:72:a1:ed:6c:1a:1a
Signer
Actual PE Digest: 30:c1:f9:14:2c:85:4d:db:6c:d7:a4:48:9e:6b:72:a1:ed:6c:1a:1a
Digest Algorithm: sha1
PE Digest Matches: false
Signature Validations
Trusted: false
Verification
Signing Certificate: CN=test-ipv6.com
19/11/2012, 23:34
Valid: false
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LoadLibraryA
VirtualProtect
CloseHandle
LocalFree
ReadFile
SetFilePointer
GetVersionExA
LocalAlloc
GetFileSize
CreateFileA
GetProcAddress
VirtualAllocEx
GetCurrentProcess
SetEvent
CreateMutexA
GetModuleHandleA
ExitThread
VirtualAlloc
VirtualFree
GetComputerNameA
CreateEventA
GetModuleFileNameA
CreateSemaphoreA
advapi32
GetUserNameA
user32
ShowWindow
FindWindowA
DestroyWindow
UnhookWinEvent
MessageBoxA
GetDesktopWindow
GetForegroundWindow
Sections
.text Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 504B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 136KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ