Static task: static1
Behavioral task: behavioral1
Sample: 2d.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 2d.exe
Resource: win10v2004-20230221-en
General
Target: 2d.exe.zip
Size: 95KB
MD5: 478bf4b12b00b55302cb127d2ae1158f
SHA1: 8076bde7ab291dabe7373676ca945db0298aff99
SHA256: 2c5b9875744f2f87bc76410024b5e76bbb75e8fc790b3435a792da16eb107f86
SHA512: cd589dcf9e2b029fde5aa2c3dd74d1dda9ebc455b1f77660df4fe453e6d550e2b3d618f4a4c997ad37215fe726d754414e815dcc565db2647ede46d88010e07e
SSDEEP: 1536:mKsxzYVnQI0E7PfRJEHRg2pmM/iVfHSF5qyVmVf8l2Xluaduigk3cj9RYw1KegLl:eGVndjpuK2pH6NH0Dck2lh/gksj9RYws
Malware Config
Signatures
Files
2d.exe.zip.zip
Password: infected
2d.exe.exe windows x86
432e7d6a2f44ca1d82d4da23406c7934
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
ord587
ord695
ord698
MethCallEngine
ord518
ord519
ord660
ord662
ord663
ord664
ord593
ord595
ord303
ord702
ord598
ord703
ord704
ord705
ord309
ord709
EVENT_SINK_AddRef
DllFunctionCall
ord673
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord608
ProcCallEngine
ord537
ord538
ord648
ord575
ord685
ord100
ord610
ord611
ord612
ord540
ord541
ord543
ord544
ord546
ord581
Sections
.text Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 116KB - Virtual size: 115KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ