Static task: static1
Behavioral task: behavioral1
Sample: 16f0f3dac1f5860d2d6ed940a3c20c070e22a913a847d7b0be0aa2e18181d599.exe
Resource: win7-20230220-en
General
Target: f6536f7fe9feef17adc493638395555b.bin
Size: 46KB
MD5: ce8f0c41a6e4685d12d547ea55359ec0
SHA1: 6e7e3beeba57701d69f805fb5843cb5ecb91beef
SHA256: 9a77a4a3ce18eb96cc266f0a7a41528c71a8b6aaf8bd11217b1df2baad16a2ff
SHA512: 48bdbfb0c6e107933ec3167e934ddf76985ed426212d1c025602e06f7a43f7bfb0510d2d2dcefe643657af78e190f8968e0e4f5e2be368768eda4f2de514674f
SSDEEP: 768:tPWawj6Z6AQx4PBbH2+uxVxqK3qaPpXHwqBq3DhDP/KJB7MI+Zh4s5yrlWREH5vK:RWBj6EYBbbKqK6qXHdw3DVSNMI+Zhh5X
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/16f0f3dac1f5860d2d6ed940a3c20c070e22a913a847d7b0be0aa2e18181d599.exe
Files
f6536f7fe9feef17adc493638395555b.bin.zip
Password: infected
16f0f3dac1f5860d2d6ed940a3c20c070e22a913a847d7b0be0aa2e18181d599.exe.exe windows x86
Password: infected
1487c4c5076ffe9457791bd5690f2a3e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
memset
memmove
_CIasin
_CIatan2
memcpy
strncpy
strlen
kernel32
GetModuleHandleA
HeapCreate
HeapDestroy
ExitProcess
LoadLibraryA
GetProcAddress
CloseHandle
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
WriteFile
HeapFree
ReadFile
HeapReAlloc
HeapAlloc
Sections
.code Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.text Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ