Static task
static1
Behavioral task
behavioral1
Sample
42dff7201d7e644ca0d8c5a4aa0c623fb2943b3d88f94794a2767a8aedfc30bd.exe
Resource
win7-20230220-en
General
-
Target
755dc3d00bddf9483a791e5ec4458f30.bin
-
Size
149KB
-
MD5
a17676eadc2eb80a392b0154aa13e947
-
SHA1
ac8a0725f6ccab27a4d41c0dc84933bda0325c09
-
SHA256
dd71266e04a5f32f95e788a166a0f38abdbe427c2c97ae95cf62acef130b38ed
-
SHA512
f912b67d3715f9e47d8f57ce2885fcf8ef513c19319cc48d1d71cef4c9024f8f2e71654a34874d98ce401acfd930118ecfc3b130d31454f00c4de9a58c2fdf54
-
SSDEEP
3072:5o75UbGcGYgHU5px8zoLRZAWqw6v1v77N+ZxS1u/urxkeW:qUbGQgHUqzCANBWZUG
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/42dff7201d7e644ca0d8c5a4aa0c623fb2943b3d88f94794a2767a8aedfc30bd.exe
Files
-
755dc3d00bddf9483a791e5ec4458f30.bin.zip
Password: infected
-
42dff7201d7e644ca0d8c5a4aa0c623fb2943b3d88f94794a2767a8aedfc30bd.exe.exe windows x86
Password: infected
e9c458cdd2bf4d052566046ce5f2e6b7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetDefaultCommConfigA
SearchPathW
EnumCalendarInfoA
GetDriveTypeW
AllocConsole
GetProfileIntW
GetConsoleAliasExesLengthA
ReadConsoleA
InterlockedDecrement
GetProfileSectionA
SetVolumeMountPointW
GetSystemDefaultLCID
FreeEnvironmentStringsA
MoveFileWithProgressA
GetModuleHandleW
GetTickCount
GetSystemTimeAsFileTime
EnumTimeFormatsA
ActivateActCtx
GetPrivateProfileIntA
AddRefActCtx
LoadLibraryW
IsProcessInJob
GetCalendarInfoA
GetStringTypeExW
GetFileAttributesA
GetModuleFileNameW
CreateFileW
GetOverlappedResult
CompareStringW
GetVolumePathNameA
EnumSystemLocalesA
GetCurrentDirectoryW
SetLastError
GetProcAddress
HeapSize
MoveFileW
SetComputerNameA
GetTempFileNameA
SetFileApisToOEM
WriteConsoleA
LocalAlloc
RemoveDirectoryW
BeginUpdateResourceA
AddAtomA
FindNextFileA
FindFirstVolumeMountPointA
GetModuleHandleA
lstrcatW
FreeEnvironmentStringsW
WaitForDebugEvent
SetCalendarInfoA
SetThreadAffinityMask
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
DeleteFileW
DeleteAtom
DeleteFileA
InterlockedIncrement
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
RtlUnwind
HeapAlloc
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetCPInfo
IsProcessorFeaturePresent
HeapCreate
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
WriteFile
GetStdHandle
GetModuleFileNameA
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetLocaleInfoW
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
IsValidLocale
GetStringTypeW
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
CloseHandle
WriteConsoleW
SetStdHandle
Sections
.text Size: 106KB - Virtual size: 105KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 108KB - Virtual size: 2.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 44KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ