Static task: static1
Behavioral task: behavioral1
  Sample: aa2fa1000f9fea03339edf67295dd043806294ec1644e38b7dd08e7d670d5423.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: aa2fa1000f9fea03339edf67295dd043806294ec1644e38b7dd08e7d670d5423.exe
  Resource: win10v2004-20230220-en
General
Target: aa2fa1000f9fea03339edf67295dd043806294ec1644e38b7dd08e7d670d5423.exe
Size: 101KB
MD5: 977c9a890f0ab2864aa363a7d1455d83
SHA1: 6513907adc294f6a32e43245b0e37f6622e24fbd
SHA256: aa2fa1000f9fea03339edf67295dd043806294ec1644e38b7dd08e7d670d5423
SHA512: ef7fed73f875c041145a0b2e0986a8ef17a728a71d538673b8ab1bc352868b7d240d1a2da451b883652ad25e41b17d5480be1e83f574664b0fc7a887f6733cc9
SSDEEP: 3072:UjneREvAttH3OvEErCa0VUTx4r9SSZ6n:UjgEvAttH3OvEErCa5SZ6
Malware Config
Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature.
resource aa2fa1000f9fea03339edf67295dd043806294ec1644e38b7dd08e7d670d5423.exe
Files
aa2fa1000f9fea03339edf67295dd043806294ec1644e38b7dd08e7d670d5423.exe.exe windows x64
f222a63f4b272ad341460e317faa357c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
advapi32
GetTokenInformation
SetSecurityDescriptorGroup
MakeAbsoluteSD
MakeSelfRelativeSD
RegQueryValueExW
OpenThreadToken
AddAccessAllowedAce
GetSecurityDescriptorLength
GetLengthSid
StartServiceCtrlDispatcherW
RegOpenKeyExW
InitializeAcl
InitializeSecurityDescriptor
SetThreadToken
FreeSid
OpenProcessToken
RegSetValueExW
RegisterServiceCtrlHandlerW
RegCreateKeyExW
SetServiceStatus
AllocateAndInitializeSid
EqualSid
GetAce
SetSecurityDescriptorOwner
RegEnumKeyW
RegCloseKey
RevertToSelf
AdjustTokenPrivileges
SetSecurityDescriptorDacl
LookupPrivilegeValueW
kernel32
GetModuleFileNameA
CompareStringW
CreateSemaphoreExW
HeapFree
SetLastError
EnterCriticalSection
GetCommandLineW
GetCurrentProcess
lstrlenW
GetStdHandle
ReleaseSemaphore
WriteFile
GetModuleHandleExW
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
GetEnvironmentVariableW
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
GetLocaleInfoW
WaitForSingleObject
GetCurrentThreadId
OpenEventW
GetVersionExW
ReleaseMutex
GetSystemDefaultLangID
GetACP
OpenProcess
GetVersion
SetProcessMitigationPolicy
CreateEventW
MultiByteToWideChar
Sleep
FormatMessageW
GetLastError
ReleaseSRWLockExclusive
OutputDebugStringW
SetEvent
CloseThreadpoolTimer
GetCurrentThread
AcquireSRWLockExclusive
WaitForSingleObjectEx
GlobalAlloc
OpenSemaphoreW
GlobalFree
CloseHandle
SetThreadpoolTimer
ReleaseSRWLockShared
CreateThreadpoolTimer
LoadLibraryW
CreateThread
HeapAlloc
SetCurrentDirectoryW
GetProcAddress
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
ExitProcess
GetCurrentProcessId
UnhandledExceptionFilter
GetProcessHeap
GetModuleHandleW
FreeLibrary
WideCharToMultiByte
GetFileType
DebugBreak
lstrcmpW
LoadLibraryExW
IsDebuggerPresent
GetSystemDirectoryW
DelayLoadFailureHook
LoadLibraryExA
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
OutputDebugStringA
TerminateProcess
SetUnhandledExceptionFilter
GetStartupInfoW
user32
MsgWaitForMultipleObjects
DispatchMessageW
PeekMessageW
IsCharAlphaNumericW
TranslateMessage
PostThreadMessageW
PostQuitMessage
GetMessageW
msvcrt
_errno
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
_cexit
_ismbblead
__setusermatherr
_initterm
_acmdln
_fmode
_commode
_lock
_unlock
__dllonexit
_onexit
memcpy
memset
memmove
?terminate@@YAXXZ
_purecall
_vsnprintf
_wcsicmp
_vsnwprintf
__C_specific_handler
memcmp
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
ole32
CoUninitialize
CoRegisterClassObject
CoRevokeClassObject
StgOpenStorage
CoInitialize
Sections
.text Size: 66KB - Virtual size: 65KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 248B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
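The Headers, Sections and "Unsigned PE" entries above are all read straight out of the PE headers. The following is an added example, not code from the sandbox or from this report, showing how to reproduce those three checks with nothing but the Python standard library: it decodes IMAGE_DLLCHARACTERISTICS_* and IMAGE_FILE_* flags, lists each section with its IMAGE_SCN_* flags, and reports whether the Security data directory (index 4, which locates the Authenticode WIN_CERTIFICATE blob) is populated. The helper names (parse_pe, missing_mitigations, build_sample_pe, EXPECTED_MITIGATIONS) are my own, and the input it runs on is a constructed PE32+ header whose flags and section layout mirror this report, not the analysed sample itself.

```python
import struct

# Flag values from winnt.h (subset relevant to this report).
DLL_CHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
FILE_CHARACTERISTICS = {0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
                        0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE", 0x2000: "IMAGE_FILE_DLL"}
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE", 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE", 0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ", 0x80000000: "IMAGE_SCN_MEM_WRITE",
}
# Mitigations an analyst expects on a modern x64 image: ASLR, 64-bit ASLR, DEP, CFG.
EXPECTED_MITIGATIONS = (0x0040, 0x0020, 0x0100, 0x4000)


def flag_names(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Read the COFF, optional and section headers from raw file bytes (PE32 or PE32+)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsect, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    # DllCharacteristics sits at +70 in both formats; the data directories start at
    # +112 (PE32+) or +96 (PE32) because the stack/heap size fields differ in width.
    dirs = {0x20B: opt + 112, 0x10B: opt + 96}.get(magic)
    if dirs is None:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    n_dirs = struct.unpack_from("<I", data, dirs - 4)[0]
    # IMAGE_DIRECTORY_ENTRY_SECURITY (index 4) is a file offset/size pair pointing at the
    # Authenticode blob; an all-zero entry is exactly what the "Unsigned PE" signature flags.
    sec_off, sec_size = struct.unpack_from("<II", data, dirs + 4 * 8) if n_dirs > 4 else (0, 0)
    sections = []
    for i in range(nsect):
        name, vsize, _, rawsize, _, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"),
                         rawsize, vsize, flag_names(chars, SECTION_FLAGS)))
    return {"machine": machine, "pe32plus": magic == 0x20B,
            "file_characteristics": flag_names(file_chars, FILE_CHARACTERISTICS),
            "dll_characteristics": flag_names(dll_chars, DLL_CHARACTERISTICS),
            "dll_characteristics_raw": dll_chars,
            "authenticode_present": sec_off != 0 and sec_size != 0,
            "sections": sections}


def missing_mitigations(info):
    """Names of the expected mitigation flags the image does not set."""
    return [DLL_CHARACTERISTICS[b] for b in EXPECTED_MITIGATIONS
            if not info["dll_characteristics_raw"] & b]


def build_sample_pe(dll_chars, sections, signed=False):
    """Constructed test input: a bare, non-runnable PE32+ header (not the analysed sample)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)            # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, 240, 0x0022)
    opt = struct.pack("<HBBIIIIIQIIHHHHHHIIIIHHQQQQII", 0x20B, 14, 0, 0, 0, 0,
                      0x1000, 0x1000, 0x140000000, 0x1000, 0x200, 6, 0, 0, 0, 6, 0,
                      0, 0x10000, 0x400, 0, 2, dll_chars,
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = [(0, 0)] * 16
    if signed:
        dirs[4] = (0x8000, 0x1800)  # pretend a certificate blob lives at that file offset
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    hdrs, rva, raw = b"", 0x1000, 0x400
    for name, vsize, rawsize, chars in sections:
        hdrs += struct.pack("<8sIIIIIIHHI", name, vsize, rva, rawsize, raw, 0, 0, 0, 0, chars)
        rva += 0x1000 * ((vsize + 0xFFF) // 0x1000)
        raw += rawsize
    return dos + b"PE\0\0" + coff + opt + hdrs


# Section layout mirroring the report: RX .text, R .rdata, RW .data, discardable .reloc.
SAMPLE_SECTIONS = [(b".text", 0x10400, 0x10800, 0x60000020), (b".rdata", 0x4400, 0x4400, 0x40000040),
                   (b".data", 0x2400, 0x1400, 0xC0000040), (b".reloc", 0xF8, 0x200, 0x42000040)]

if __name__ == "__main__":
    info = parse_pe(build_sample_pe(0xC160, SAMPLE_SECTIONS))   # 0xC160 = the five flags above
    print(info["dll_characteristics"], "authenticode:", info["authenticode_present"])
    print("missing mitigations:", missing_mitigations(info))
    for section in info["sections"]:
        print(section)
```

On a real file call parse_pe(open(path, "rb").read()). Two caveats: a populated Security directory only means a certificate blob is attached, not that the signature is valid or trusted, so a "signed" result still needs a real verification step (signtool verify or Get-AuthenticodeSignature). And these flags are the static view only; the kernel32 import SetProcessMitigationPolicy listed above lets a process tighten (or, for some policies, relax) its own mitigations at runtime, which only the behavioral tasks would show.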