Static task
static1
Behavioral task
behavioral1
Sample
16F0F3DAC1F5860D2D6ED940A3C20C070E22A913A847D.exe
Resource
win7-20230220-en
General
Target: 16F0F3DAC1F5860D2D6ED940A3C20C070E22A913A847D.exe
Size: 56KB
MD5: f6536f7fe9feef17adc493638395555b
SHA1: 157307ead7905b1844dcc69458f0531e66b31fb6
SHA256: 16f0f3dac1f5860d2d6ed940a3c20c070e22a913a847d7b0be0aa2e18181d599
SHA512: 5313d816e2aba0c2f9a2627ed8f1a7507aec05d7f7089a51307743bb215b1fe15e1596699f3b092dc117a5fcf21772a38ce326be8c917ba9aa1fe2492df96da3
SSDEEP: 1536:+tzqxvhrplLk9h8egJPfWunoGh4R17mZDLn845OUKMkQKFoNek+5UD:+T8N3WuoGh4KZDL1gmKF0ek+M
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 16F0F3DAC1F5860D2D6ED940A3C20C070E22A913A847D.exe
Files
16F0F3DAC1F5860D2D6ED940A3C20C070E22A913A847D.exe.exe windows x86
1487c4c5076ffe9457791bd5690f2a3e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
memset
memmove
_CIasin
_CIatan2
memcpy
strncpy
strlen
kernel32
GetModuleHandleA
HeapCreate
HeapDestroy
ExitProcess
LoadLibraryA
GetProcAddress
CloseHandle
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
WriteFile
HeapFree
ReadFile
HeapReAlloc
HeapAlloc
Sections
.code Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.text Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ