Static task
static1
Behavioral task
behavioral1
Sample
f3b60b9fb81de5df1dad130e2f384654f4cfc532bfe38f9719b6e43647334dc4.exe
Resource
win7-20230220-en
General
Target: 05aa77273fbe5efb245560f519cddded.bin.bin
Size: 98KB
MD5: 1fa6519caf85f37263c87585948ff349
SHA1: a36a27345c89f767de904f70ad7e87c1a6804b4c
SHA256: 2134b6ec8c8c2be521cc27f829608d56a4bf79857484d58da98dfd886782f196
SHA512: 705e59fed91e2e3df2d5dcc06b53f69b74a11a4079d160bc193f35afb5c747cc9d07d502f2fe758505bbd21ce3b4a05175a335323cbceb658d415b430dfb2b6c
SSDEEP: 3072:nIToefDV5RkyfYwpnbyPe7XWxu8Hr/J3R0:nIToef55yorby+XWxFa
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/f3b60b9fb81de5df1dad130e2f384654f4cfc532bfe38f9719b6e43647334dc4.exe
Files
05aa77273fbe5efb245560f519cddded.bin.bin.zip
Password: infected
f3b60b9fb81de5df1dad130e2f384654f4cfc532bfe38f9719b6e43647334dc4.exe.exe windows x86
65bf5cfe10d8c98f9683c9cde4453332
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetFilePointer
CloseHandle
DeleteFileA
DeleteFileA
GetModuleHandleW
GetProcessHeap
GetConsoleTitleA
CreateDirectoryA
CreateFileMappingW
GetStringTypeW
DeleteFileA
HeapCreate
SetEnvironmentVariableA
SetCurrentDirectoryA
GetModuleHandleA
GetStdHandle
GetStringTypeW
GetLastError
HeapFree
GetShortPathNameW
GetProcessHeap
GetVersion
GetExitCodeProcess
mstscax
DllUnregisterServer
DllCanUnloadNow
DllRegisterServer
DllGetTscCtlVer
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.dataz Size: 107KB - Virtual size: 107KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rs Size: 1024B - Virtual size: 544B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ