Static task
static1
Behavioral task
behavioral1
Sample
6a6412d8144185daee699dd5de22bb3bea46b2433cb4e45fd3ae4577831ce54a.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
6a6412d8144185daee699dd5de22bb3bea46b2433cb4e45fd3ae4577831ce54a.exe
Resource
win10v2004-20230220-en
General
Target
99fb5a0e5dffc90153c2e4c226cfd4cc.bin
Size
3.0MB
MD5
8a54b9904bd85f51c849ec233bc753d1
SHA1
68d3288ca0f874aa1d077c8aff7f100d93150cc3
SHA256
08f0e60f1403c38d07d5e93945dcae52738e8332c9ec0af8cbc0b1375cad5144
SHA512
ba779c01139938205d30405633742ba463a4144aab57d759dabcca853d9708c7424c103d3a21d96fca1d1cd4b9aead14c81a78aa258e536bd4dc1d7ea9e91b44
SSDEEP
49152:VgJeNQXv6BYf8bA0fAxAAJOL17fDFsKZllu6xXz1Tqd3QPrtfpdjAYFStKxXtY6p:keO660b6xTJU1rxs4llu6B1oQPrtX9Fj
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: unpack001/6a6412d8144185daee699dd5de22bb3bea46b2433cb4e45fd3ae4577831ce54a.exe
Files
99fb5a0e5dffc90153c2e4c226cfd4cc.bin.zip
Password: infected
6a6412d8144185daee699dd5de22bb3bea46b2433cb4e45fd3ae4577831ce54a.exe.exe windows x86
Password: infected
a2a3e6d4fc968e1e65b99fc8b576cc36
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
GetModuleHandleA
GetProcAddress
msvcrt
memcpy
user32
GetProcessWindowStation
Sections
.MPRESS1 Size: 2.9MB - Virtual size: 7.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.MPRESS2 Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 156KB - Virtual size: 155KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE