Static task
static1
Behavioral task
behavioral1
Sample
c71c91c8c6cdb4cc17f2777a9078e0863f1e9ec76555043e85286af14fe275d4.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
c71c91c8c6cdb4cc17f2777a9078e0863f1e9ec76555043e85286af14fe275d4.exe
Resource
win10v2004-20230220-en
General
-
Target
97a2299be5863c0b77368f0d5a27f8b9.bin
-
Size
243KB
-
MD5
74b5dc0490185112b4bd9c13151d33a8
-
SHA1
b5ff36468b1cdcf803c4ad5666fd1a0c6109c41c
-
SHA256
da4d557ad7af4593a364c091a696dd8492fca316023fdf64fe13d97b36037da8
-
SHA512
8be7f38db337807983897ae9360a7a8bdc8f663e70f4c9dab00e84d67e5a4f510557c27bdd0715f4b49c338d11d7547eff6d94770e1df33549012546e6c99e40
-
SSDEEP
6144:wgIkhPxdKiTZHq9L3vc4+y95uoBShygTNVgnBxb+cm:zI6Pxd3HGLvc4+y9dMhvNm/b4
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/c71c91c8c6cdb4cc17f2777a9078e0863f1e9ec76555043e85286af14fe275d4.exe
Files
-
97a2299be5863c0b77368f0d5a27f8b9.bin.zip
Password: infected
-
c71c91c8c6cdb4cc17f2777a9078e0863f1e9ec76555043e85286af14fe275d4.exe.exe windows x86
Password: infected
ab2eb8e5a3c6d771edc653904f2b9e28
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetVolumeNameForVolumeMountPointA
GlobalFix
SetDefaultCommConfigA
GetDriveTypeW
AllocConsole
InterlockedIncrement
SystemTimeToFileTime
EnumCalendarInfoW
GetUserDefaultLCID
MoveFileWithProgressA
GetModuleHandleW
GetTickCount
ReadConsoleW
TzSpecificLocalTimeToSystemTime
SetHandleCount
AllocateUserPhysicalPages
GlobalAlloc
GetPrivateProfileIntA
AddRefActCtx
SetFileShortNameW
LoadLibraryW
IsProcessInJob
GetCalendarInfoW
SetVolumeMountPointA
GetConsoleAliasExesLengthW
GetFileAttributesA
GetFileAttributesW
CreateFileW
GetOverlappedResult
GetVolumePathNameA
GetStringTypeExA
GetProfileIntA
ReleaseActCtx
SetLastError
GetProcAddress
SetComputerNameA
SearchPathA
GetTempFileNameA
LoadLibraryA
WriteConsoleA
MoveFileA
FindFirstVolumeMountPointW
RemoveDirectoryW
BeginUpdateResourceA
AddAtomA
GlobalWire
GetModuleFileNameA
SetLocaleInfoW
lstrcatW
FreeEnvironmentStringsW
FindNextFileW
GetConsoleTitleW
GetCurrentDirectoryA
EnumDateFormatsW
CompareStringA
SetCalendarInfoA
SetThreadAffinityMask
DeleteFileW
DebugBreak
GetProfileSectionW
EnumSystemLocalesW
AreFileApisANSI
InterlockedDecrement
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
DeleteFileA
ExitProcess
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
RtlUnwind
HeapAlloc
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetCPInfo
IsProcessorFeaturePresent
HeapCreate
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
CloseHandle
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
WriteFile
GetStdHandle
GetModuleFileNameW
GetEnvironmentStringsW
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
HeapReAlloc
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
WriteConsoleW
Sections
.text Size: 107KB - Virtual size: 106KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 181KB - Virtual size: 2.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.kafibu Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 117KB - Virtual size: 116KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ