Static task: static1
Behavioral task: behavioral1
Sample: b002e90f98f6643ade82b4d657b920bc.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: b002e90f98f6643ade82b4d657b920bc.exe
Resource: win10v2004-20220812-en
General
Target: b002e90f98f6643ade82b4d657b920bc.exe
Size: 1.6MB
MD5: b002e90f98f6643ade82b4d657b920bc
SHA1: 2c56bae21ca4cc1d16c58a7f53add0a8ac54fa57
SHA256: 8a1197f828988b534acf6542b5ee75239c35fc94aeeee293e45d1d01d512b29d
SHA512: c0870f71a2d237f90a0bbf982fb69bae82391efb1bb0806af557a406d1d23ec7838e52ab4c8d8144feeec24cd827e78e1506310eab2b1fc831aef17f8cefa87c
SSDEEP: 24576:+7hfMeJ3ruTTdFkaasfMLAjJvrypuvGPp+2dhvj8OjzEJjug8q6x5h5T7U9NKLTj:YhfMeVrulF3LCJue5z8OjIJJi
Malware Config
Signatures
Files
b002e90f98f6643ade82b4d657b920bc.exe.exe windows x86
0c97ddc9d63b0f26cfbe7178cd8dbee0
Code Sign
0a:56:dd:60:61:94:3f:f4:f9:86:11:c4:3f:a4:21:74
Certificate
Issuer: CN=DigiCert SHA2 Extended Validation Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 08-08-2022 00:00
Not After: 08-09-2023 23:59
Subject: SERIALNUMBER=CU.0000872,CN=scu.org,O=Scott Credit Union,L=Edwardsville,ST=Illinois,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#1308496c6c696e6f6973,1.3.6.1.4.1.311.60.2.1.3=#13025553
7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate
Issuer: CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US
Not Before: 12-01-2016 00:00
Not After: 11-01-2031 23:59
Subject: CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate
Issuer: CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US
Not Before: 23-12-2017 00:00
Not After: 22-03-2029 23:59
Subject: CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
61:65:4e:ad:07:c8:c0:66:25:9a:01:83:ef:53:74:0d:76:3e:0e:c9:77:3a:7f:6a:cc:03:e4:94:e4:73:0a:0a
Signer
Actual PE Digest: 61:65:4e:ad:07:c8:c0:66:25:9a:01:83:ef:53:74:0d:76:3e:0e:c9:77:3a:7f:6a:cc:03:e4:94:e4:73:0a:0a
Digest Algorithm: sha256
PE Digest Matches: true
Signature Validations
Trusted: false
Verification
Signing Certificate: SERIALNUMBER=CU.0000872,CN=scu.org,O=Scott Credit Union,L=Edwardsville,ST=Illinois,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#1308496c6c696e6f6973,1.3.6.1.4.1.311.60.2.1.3=#13025553
25-01-2023 18:16 Valid: false
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrlenA
TlsGetValue
GetTickCount
GetProcessHeap
SetFileTime
Sleep
ReadFile
GetModuleFileNameW
lstrlenW
GetLastError
SetLastError
lstrcmpiA
GetCommandLineW
IsValidCodePage
GlobalFree
LockResource
GetSystemInfo
GetOEMCP
GetModuleHandleA
GetThreadUILanguage
GetProcAddress
GetSystemDefaultLangID
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
GetLocaleInfoA
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
RaiseException
user32
GetWindowTextLengthA
GetForegroundWindow
GetDlgCtrlID
IsIconic
advapi32
RegOpenKeyExA
shell32
CommandLineToArgvW
Sections
.text Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 144KB - Virtual size: 144KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ