Static task: static1
Behavioral task: behavioral1
- Sample: f67ee77d6129bd1bcd5d856c0fc5314169b946d32b8abaa4e680bb98130b38e7.exe
- Resource: win7-20221111-ja
Behavioral task: behavioral2
- Sample: f67ee77d6129bd1bcd5d856c0fc5314169b946d32b8abaa4e680bb98130b38e7.exe
- Resource: win10v2004-20220812-ja
General
- Target: 9140618352.zip
- Size: 269KB
- MD5: 2786339a1eb5f382060ba0bbf2643f73
- SHA1: 5ab76cf5480d8743bfaaff972e5f39b276483b80
- SHA256: 543d31099c988e8c30d9d2ffe8647228d2b2a5798b14a99acc612189b4140891
- SHA512: b9dde81bd29bc64b36e7b449e564024e5e3e3f65892d95072da02ffccfa08646436f6b9922253b19521924bc7384daf1e235855392a7ccee0bc09b9ffef73705
- SSDEEP: 6144:tvvfv7LBkzkh/+3oZ0XJJtr6/nPF4R5JGMcAgsXiiRlnHks0sfyvhjB:tvvfv7IkhMO0f56/9G7cz4lHtfyZN
Malware Config
Signatures
Files
- 9140618352.zip.zip (Password: infected)
- f67ee77d6129bd1bcd5d856c0fc5314169b946d32b8abaa4e680bb98130b38e7.exe, windows x64 (Password: infected)
  6f44549ce46f4593eef652ac49e4452d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
DeleteCriticalSection
GetProcessHeap
GetDriveTypeA
GetModuleHandleA
GetTempPathA
LocalFileTimeToFileTime
FileTimeToSystemTime
LoadLibraryA
GetProcAddress
GetSystemTime
GetLogicalDrives
VirtualFree
VirtualAlloc
GetLogicalDriveStringsA
GetSystemTimeAsFileTime
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetStringTypeW
SetStdHandle
GetFileType
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapAlloc
CreateThread
RaiseException
HeapReAlloc
GetLastError
HeapSize
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
HeapFree
CloseHandle
EnterCriticalSection
LeaveCriticalSection
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
OutputDebugStringW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RtlUnwindEx
RtlPcToFileHeader
SetLastError
GetCurrentProcess
ExitProcess
TerminateProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
WriteFile
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
WriteConsoleW
user32
DispatchMessageA
LoadCursorA
GetDC
GetSysColor
DrawCaption
ReleaseDC
LoadImageA
GetWindow
LoadCursorFromFileA
GetWindowRect
GetActiveWindow
ClientToScreen
GetWindowTextA
TranslateMessage
PeekMessageA
SetRect
KillTimer
GetParent
gdi32
GetFontUnicodeRanges
CreateDIBitmap
GetDeviceCaps
GetFontData
CreatePen
CreateDCA
CreateBitmap
GetSystemPaletteEntries
GetFontLanguageInfo
Sections
.text Size: 60KB - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 78KB - Virtual size: 78KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 512B - Virtual size: 208B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
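Added example, not part of the sandbox report or its tooling: a dependency-free Python parser that reads the same header fields the report lists above (file characteristics, DLL characteristics, section flags and sizes) directly from the PE bytes and turns them into the questions a triage analyst asks of them: is ASLR, DEP and CFG actually enabled, and is any section both writable and executable or nearly empty on disk. It runs on a constructed PE32+ header whose values mirror the report (DllCharacteristics 0x8160, file characteristics 0x0022, the .text/.data/.reloc sections) and on a second constructed packer-style layout; those bytes are assumptions for illustration, not the real sample. One point worth reading off the report with it: the binary carries a .gfids section, but the DLL characteristics do not include IMAGE_DLLCHARACTERISTICS_GUARD_CF, and the loader enables Control Flow Guard from that flag, not from the presence of the function-ID table.

```python
"""Decode the PE header fields a sandbox report summarises (file characteristics,
DllCharacteristics, section flags/sizes) straight from the bytes, no pefile needed."""
import struct

DLL_CHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
FILE_CHARACTERISTICS = {
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x2000: "IMAGE_FILE_DLL",
}
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}


def decode_flags(value, table):
    """Expand a bitfield into the IMAGE_* names that are set, lowest bit first."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Walk DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]  # 0x10B = PE32, 0x20B = PE32+
    # DllCharacteristics sits at optional-header offset 70 in both PE32 and PE32+
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    sections = []
    for i in range(nsec):
        name, vsize, _, raw, _, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "virtual_size": vsize,
                         "raw_size": raw, "flags": decode_flags(chars, SECTION_FLAGS)})
    return {"machine": machine, "pe32plus": magic == 0x20B,
            "file_characteristics": decode_flags(file_chars, FILE_CHARACTERISTICS),
            "dll_characteristics": decode_flags(dll_chars, DLL_CHARACTERISTICS),
            "sections": sections}


def mitigations(pe):
    """Loader-enforced mitigations: ASLR needs DYNAMIC_BASE, DEP needs NX_COMPAT,
    CFG needs GUARD_CF (a .gfids section on its own does not enable it)."""
    d = pe["dll_characteristics"]
    return {"aslr": "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE" in d,
            "high_entropy_va": "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA" in d and pe["pe32plus"],
            "dep": "IMAGE_DLLCHARACTERISTICS_NX_COMPAT" in d,
            "cfg": "IMAGE_DLLCHARACTERISTICS_GUARD_CF" in d}


def suspicious_sections(pe):
    """Flag W+X sections and executable sections that are mostly empty on disk
    (a layout typical of unpacking stubs that fill the section at run time)."""
    out = []
    for s in pe["sections"]:
        f = s["flags"]
        if "IMAGE_SCN_MEM_WRITE" in f and "IMAGE_SCN_MEM_EXECUTE" in f:
            out.append((s["name"], "writable and executable"))
        if "IMAGE_SCN_MEM_EXECUTE" in f and s["raw_size"] < s["virtual_size"] // 2:
            out.append((s["name"], "executable section mostly empty on disk"))
    return out


def build_sample_pe(sections):
    """Constructed minimal PE32+ image (headers only) for illustration; the header
    values mirror the report, but these bytes are not the real sample."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                 # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, 240, 0x0022)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)                   # PE32+ magic
    struct.pack_into("<H", opt, 70, 0x8160)                 # HIGH_ENTROPY_VA|DYNAMIC_BASE|NX_COMPAT|TS_AWARE
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, 0, 0, 0, 0, 0, fl)
                     for n, vs, va, rs, fl in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


# (name, virtual size, virtual address, raw size, characteristics); constructed layouts
REPORT_LIKE = [(b".text", 60 * 1024, 0x1000, 60 * 1024, 0x60000020),
               (b".data", 11 * 1024, 0x20000, 6 * 1024, 0xC0000040),
               (b".reloc", 1024, 0x30000, 2048, 0x42000040)]
PACKED_LIKE = [(b"UPX0", 0x40000, 0x1000, 0, 0xE0000080),
               (b"UPX1", 0x8000, 0x41000, 0x7E00, 0xE0000040)]

if __name__ == "__main__":
    for label, secs in (("report-like", REPORT_LIKE), ("packed-like", PACKED_LIKE)):
        pe = parse_pe(build_sample_pe(secs))
        print(label, mitigations(pe), suspicious_sections(pe))
```

To run it against a real file, replace the constructed bytes with `open(path, "rb").read()`; the parser only touches the headers, so a header-only dump is enough. The `.data` section's raw size (6KB) being smaller than its virtual size (11KB) is normal, since the difference is zero-initialised data, which is why the emptiness check is restricted to executable sections.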