Static task: static1
Behavioral task: behavioral1
Sample: be6ad6eba009beba8714bb2afb4475ab646c2a4b5129eff0724ec94f14718c43.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: be6ad6eba009beba8714bb2afb4475ab646c2a4b5129eff0724ec94f14718c43.exe
Resource: win10v2004-20230220-en
General
Target: 1b24dd46ba791acda6bde3f177605069.bin
Size: 14KB
MD5: 68964e1b1a904929b74321a2ce153f70
SHA1: 23b5f61dd15c71d3e4906ff237197d7c6080dcae
SHA256: fa7a33a75495bb14f2d5c3284938b972f0009da02ef3da2c23147b75e5ba04aa
SHA512: 4224570a2178db4cb4993deb736d0fc7545929b635e7bb55a7a75ca649a87622f3bf03ed77da67ff64ed300afdc44f9d5732e64cbf3adbbe777a1dab7d26c958
SSDEEP: 384:Vc6GqyFqz9opKsrVaOc1RR8y7/qt7uF0+HF1Z:byFqz9JsrsOKdSt7YbHB
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource unpack001/be6ad6eba009beba8714bb2afb4475ab646c2a4b5129eff0724ec94f14718c43.exe
Files
1b24dd46ba791acda6bde3f177605069.bin.zip (Password: infected)
be6ad6eba009beba8714bb2afb4475ab646c2a4b5129eff0724ec94f14718c43.exe.exe, windows x86 (Password: infected)
7c2e0427dc9884c5748d925abcb8ce88
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetVersionExA
GetSystemInfo
GlobalMemoryStatus
DeleteFileA
Sleep
ReadFile
GetFileSize
GetFileAttributesA
TerminateProcess
OpenProcess
FindClose
FindNextFileA
FindFirstFileA
lstrcmpA
lstrlenA
CreateMutexA
GetLastError
CreateThread
ExitProcess
GetTickCount
GetModuleFileNameA
GetWindowsDirectoryA
SetCurrentDirectoryA
CopyFileA
SetFileAttributesA
CreateFileA
WriteFile
CloseHandle
GetModuleHandleA
lstrcmpiA
user32
SetWindowsHookExA
SetKeyboardState
GetDesktopWindow
SetTimer
LoadCursorA
wsprintfA
GetWindowTextA
GetForegroundWindow
DefWindowProcA
IsWindow
UnhookWindowsHookEx
SendMessageA
DestroyWindow
GetActiveWindow
GetKeyNameTextA
GetKeyboardState
ToAscii
LoadIconA
ShowWindow
CreateWindowExA
MoveWindow
CallNextHookEx
CloseWindow
PostQuitMessage
RegisterClassExA
DispatchMessageA
TranslateMessage
GetMessageA
gdi32
GetDeviceCaps
CreateCompatibleDC
CreateDIBSection
SelectObject
BitBlt
GetDIBColorTable
DeleteObject
CreateDCA
DeleteDC
advapi32
RegCloseKey
RegCreateKeyExA
RegSetValueExA
shell32
ShellExecuteA
odbc32
ord41
ord24
ord75
ord11
ord31
ord9
msvcrt
??2@YAPAXI@Z
??3@YAXPAX@Z
strlen
malloc
free
strncat
srand
rand
strncpy
atoi
atol
sprintf
strtok
strstr
strcpy
memset
strcat
memcpy
wininet
InternetGetConnectedState
ws2_32
getsockname
inet_ntoa
gethostbyaddr
htonl
sendto
WSAGetLastError
accept
listen
bind
select
__WSAFDIsSet
send
recv
socket
setsockopt
WSAAsyncSelect
htons
inet_addr
gethostbyname
connect
WSAStartup
WSACleanup
ioctlsocket
closesocket
avicap32
capGetDriverDescriptionA
capCreateCaptureWindowA
mpr
WNetEnumResourceA
WNetOpenEnumA
WNetCloseEnum
psapi
GetModuleBaseNameA
GetModuleFileNameExA
EnumProcesses
EnumProcessModules
urlmon
URLDownloadToFileA
Sections
.text (Size: 36KB, Virtual size: 35KB)
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE