Version
update
Static task
static1
1 signatures
General
-
Target
download.exe
-
Size
262KB
-
MD5
47541fc304471851cfa2d6776850313e
-
SHA1
14febd962de2bef90baeb743de40ffe34427ea3f
-
SHA256
fc6b39d0fe39794b8f182022d6c5e7860031dad03850af1e75555f91bedc939d
-
SHA512
250800304b710756f45d62a1abab74eb60d69f83fbc3cf97677b45a7ea33ab683913b2693f875225c7aa9718a13e0da549594c30f5fbc1e2aadf8006b69158ce
-
SSDEEP
6144:pkRJaJHtyuhDzrtLGe6xE9H6bDTBJljMY2o:Ma3NDzdGe6xE9HCDTrhq
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource download.exe
Files
-
download.exe.dll windows x86
d7dd4fdc57e0c83b3019cec8b65aad75
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateEventW
QueryPerformanceFrequency
lstrcpyW
ExitProcess
GetCommandLineW
GetDriveTypeW
FreeLibrary
CreateProcessW
HeapAlloc
InterlockedDecrement
GetCurrentProcess
HeapFree
GetModuleHandleW
GetTickCount
GetProcessHeap
OpenProcess
GetSystemDirectoryW
WideCharToMultiByte
GetLocaleInfoW
GetModuleFileNameW
CreateFileW
lstrcmpW
MultiByteToWideChar
GetStartupInfoW
GetLocalTime
Process32FirstW
GlobalMemoryStatusEx
GetSystemInfo
Process32NextW
lstrcatW
CreateToolhelp32Snapshot
GetDiskFreeSpaceExW
ResetEvent
LoadLibraryExW
CreateDirectoryW
WriteFile
CopyFileW
GetFileAttributesW
InterlockedExchange
DeleteFileW
ExpandEnvironmentStringsW
GetNativeSystemInfo
IsBadReadPtr
SetLastError
VirtualAlloc
LoadLibraryA
VirtualProtect
SetErrorMode
SetUnhandledExceptionFilter
CreateThread
LocalFree
WriteConsoleW
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
LCMapStringW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStringTypeW
HeapSize
lstrlenW
QueryPerformanceCounter
CloseHandle
GetLastError
FormatMessageW
CreateEventA
Sleep
SetEvent
WaitForSingleObject
DeleteCriticalSection
EnterCriticalSection
GetProcAddress
LeaveCriticalSection
LoadLibraryW
InitializeCriticalSection
GetCurrentProcessId
VirtualFree
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetFilePointer
ReadFile
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStdHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetEndOfFile
TerminateProcess
RtlUnwind
GetCommandLineA
HeapReAlloc
ExitThread
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
lstrlenA
UnmapViewOfFile
SwitchToThread
CreateFileMappingW
MapViewOfFileEx
GetFileSize
InterlockedIncrement
HeapDestroy
HeapCreate
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
RaiseException
InterlockedCompareExchange
user32
GetMonitorInfoW
SendMessageW
GetLastInputInfo
PeekMessageW
EnumDisplayMonitors
OpenWindowStationW
IsWindow
SetProcessWindowStation
MsgWaitForMultipleObjects
DispatchMessageW
GetForegroundWindow
wsprintfW
TranslateMessage
GetWindowTextW
advapi32
RegDeleteValueW
RegCreateKeyW
RegCloseKey
CheckTokenMembership
GetCurrentHwProfileW
RegOpenKeyExW
FreeSid
AllocateAndInitializeSid
LookupAccountSidW
RegQueryValueExW
GetTokenInformation
OpenProcessToken
RegSetValueExW
ole32
CoInitialize
CoUninitialize
CoCreateInstance
oleaut32
SysFreeString
SysStringLen
SysAllocString
ws2_32
setsockopt
htons
ntohs
WSAGetLastError
gethostname
inet_ntoa
gethostbyname
send
closesocket
shutdown
WSAStringToAddressW
WSASetLastError
WSAAddressToStringW
getsockname
freeaddrinfo
getaddrinfo
WSAStartup
WSAResetEvent
WSAEventSelect
WSACleanup
bind
connect
recv
WSACloseEvent
WSACreateEvent
socket
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSAIoctl
shlwapi
StrChrW
StrPBrkW
winmm
timeGetDevCaps
timeEndPeriod
timeBeginPeriod
timeGetTime
Exports
Exports
Sections
.text Size: 182KB - Virtual size: 182KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 46KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 904B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 22KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ