Static task
static1
Behavioral task
behavioral1
Sample
53c6ebd75518ed05b22ab762b476f48313b700283358dccb7d55b02f29cfe462.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
53c6ebd75518ed05b22ab762b476f48313b700283358dccb7d55b02f29cfe462.exe
Resource
win10v2004-20230220-en
General
-
Target
4e39579f1251ae570e145e352e7393f7.bin
-
Size
166KB
-
MD5
0439f1244f71dce10ac6a9aa0a7c5267
-
SHA1
682b0dfe38feab7416e4d0f70e086530f307f9f5
-
SHA256
d080665a2e670ebca96d72f5766911321583b00cb822dabc4d7a5da13e5c04e4
-
SHA512
81141c6b997269c4f105ac51d89f411cb134b582c8b74b896dfb8121a31e03f76ba8a14cffc7ad9fb3655c7f6a39efdc2557735453dfb5d3580b8feb7fb5d885
-
SSDEEP
3072:ORB7ZA3hRQMSE/RW6T0QwwR37al3LV7/k61NzF1tvCmAFlUsJsECbptkMfDBh47c:EB9SRB7pX0Qww57c3LV7/X1NJCTljsPB
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/53c6ebd75518ed05b22ab762b476f48313b700283358dccb7d55b02f29cfe462.exe
Files
-
4e39579f1251ae570e145e352e7393f7.bin.zip
Password: infected
-
53c6ebd75518ed05b22ab762b476f48313b700283358dccb7d55b02f29cfe462.exe.exe windows x86
Password: infected
2f859ca72f4146453ae321b5dff2ebd9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetDriveTypeW
GetConsoleAliasExesLengthA
InterlockedIncrement
SystemTimeToFileTime
EnumCalendarInfoW
SetDefaultCommConfigW
SetComputerNameW
CallNamedPipeW
SetTapeParameters
MoveFileWithProgressA
GetTickCount
ReadConsoleW
SetCommState
TzSpecificLocalTimeToSystemTime
SetHandleCount
AllocateUserPhysicalPages
GetPrivateProfileIntA
AddRefActCtx
LoadLibraryW
IsProcessInJob
FreeConsole
InterlockedPopEntrySList
GetFileAttributesW
CreateFileW
GetOverlappedResult
CompareStringW
GetVolumePathNameA
GetStringTypeExA
EnumSystemLocalesA
GetProfileIntA
ReleaseActCtx
GetCurrentDirectoryW
GetProcAddress
SetFirmwareEnvironmentVariableW
RemoveDirectoryA
VerLanguageNameW
SearchPathA
GetTempFileNameA
LoadLibraryA
WriteConsoleA
LocalAlloc
BuildCommDCBAndTimeoutsW
FindFirstVolumeMountPointW
BeginUpdateResourceA
AddAtomA
GlobalWire
GetModuleFileNameA
EnumDateFormatsA
GetModuleHandleA
SetLocaleInfoW
lstrcatW
FreeEnvironmentStringsW
FindNextFileW
GetConsoleTitleW
EnumDateFormatsW
SetCalendarInfoA
SetThreadAffinityMask
SetFileShortNameA
GetVolumeNameForVolumeMountPointW
DeleteFileW
DebugBreak
GlobalReAlloc
GetProfileSectionW
EnumSystemLocalesW
AreFileApisANSI
InterlockedDecrement
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
MoveFileA
HeapFree
HeapAlloc
GetModuleHandleW
ExitProcess
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
RtlUnwind
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
HeapCreate
WriteFile
GetStdHandle
GetModuleFileNameW
HeapSize
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
CloseHandle
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetEnvironmentStringsW
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
IsValidLocale
GetStringTypeW
HeapReAlloc
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
WriteConsoleW
DeleteFileA
Sections
.text Size: 110KB - Virtual size: 109KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 88KB - Virtual size: 2.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.yakig Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 86KB - Virtual size: 86KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ