Static task: static1
Behavioral task: behavioral1
Sample: entry_1_0/Install Build 2017-06.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: entry_1_0/Install Build 2017-06.exe
Resource: win10v2004-20230221-en
General
Target: file_3a1b4f424fd64eb28ea69b80f5414578_2023-05-19_09_57_09_476000.zip
Size: 17.7MB
MD5: 487a09016a12b4e6dc7477c549f516d9
SHA1: 01f1cd23e1735f207a529b17b0ca56b0d1bfa841
SHA256: ed1643d27687cd610bb65efd776b57e3e5c358c8a8713e672496fc2c8ec01444
SHA512: 2d7529ef4a3caff3fe14297282ba6163afcc0e4c1836d9c8bbad8084aef1b073883a0e37edcd78b1f755faab72b4cd8084d821ba4e89b0ad49618d21b2d6b50e
SSDEEP: 393216:kCBCbvmWE+hPojwKpCoHzlyC31ZL02ou0314vy8DC:kHmWFQj7CoHzljPL0B14dC
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: unpack001/entry_1_0/Install Build 2017-06.exe
Files
file_3a1b4f424fd64eb28ea69b80f5414578_2023-05-19_09_57_09_476000.zip (.zip)
entry_1_0/Install Build 2017-06.exe (.exe, windows x86) MD5: 1033e7ad4ef699f506cce0c38fc5b07c
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
memset
system
memcpy
fseek
ftell
fread
log10
_wfopen
fclose
fopen
wcsncpy
wcslen
wcscmp
memmove
wcscpy
wcscat
strlen
strcpy
strcat
memcmp
atoi
_stricmp
longjmp
_setjmp3
malloc
free
fwrite
ferror
time
srand
rand
wcsncmp
localtime
mktime
gmtime
fabs
ceil
floor
_wcsnicmp
_wcsdup
_isnan
_wcsicmp
setlocale
swscanf
exit
__p__iob
fprintf
sprintf
getenv
sscanf
_vsnwprintf
kernel32
GetModuleHandleW
HeapCreate
HeapDestroy
ExitProcess
ReleaseMutex
CloseHandle
CreateMutexW
GetLastError
GetCurrentProcess
SetErrorMode
GetDiskFreeSpaceExW
GetUserDefaultLangID
GetSystemDirectoryW
GetSystemInfo
WideCharToMultiByte
FreeLibrary
HeapAlloc
LoadLibraryW
GetProcAddress
HeapFree
EnterCriticalSection
WaitForSingleObject
LeaveCriticalSection
InitializeCriticalSection
CreateThread
TerminateThread
CreateFileW
GetFileSize
ReadFile
Sleep
GetCurrentThreadId
GetCurrentProcessId
GetModuleFileNameW
GetEnvironmentVariableW
SetEnvironmentVariableW
DuplicateHandle
CreatePipe
GetStdHandle
CreateProcessW
SetFilePointer
SetEndOfFile
WriteFile
MultiByteToWideChar
MulDiv
SetFileAttributesW
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
HeapReAlloc
SetCurrentDirectoryW
GetTempPathW
CreateDirectoryW
GetDriveTypeW
FindFirstFileW
FindClose
GetFileAttributesW
DeleteFileW
FindNextFileW
RemoveDirectoryW
CopyFileW
HeapSize
GetVersionExA
GetVersionExW
LoadLibraryA
SetLastError
GetLocalTime
GlobalAlloc
GlobalFree
TlsAlloc
TlsSetValue
DeleteCriticalSection
user32
SetWindowLongW
ShowWindow
ExitWindowsEx
SendMessageW
GetActiveWindow
ClipCursor
ShowCursor
GetWindowRect
SetCursorPos
DestroyWindow
InvalidateRect
GetForegroundWindow
BeginPaint
EndPaint
DefWindowProcW
LoadIconW
RegisterClassExW
CreateWindowExW
MessageBoxW
GetWindowThreadProcessId
IsWindowVisible
GetWindowLongA
IsWindowEnabled
EnableWindow
EnumWindows
SetWindowPos
OemToCharW
GetSysColorBrush
SetClassLongW
GetParent
GetWindowLongW
GetWindow
RedrawWindow
GetSysColor
GetClassNameW
IsWindow
FillRect
DrawIconEx
DrawTextW
GetDlgCtrlID
CallWindowProcW
ScreenToClient
GetIconInfo
UpdateWindow
ReleaseCapture
DrawStateW
SetCapture
GetSystemMetrics
SetWindowTextW
GetWindowTextLengthW
GetWindowTextW
GetClientRect
LoadCursorW
SendMessageA
GetDC
InflateRect
GetPropW
ReleaseDC
GetWindowDC
RemovePropW
SetPropW
ValidateRect
MapWindowPoints
MoveWindow
PeekMessageW
TranslateMessage
DispatchMessageW
DrawFrameControl
SetActiveWindow
UnregisterClassW
DestroyAcceleratorTable
RegisterClassW
AdjustWindowRectEx
CreateAcceleratorTableW
GetMenu
IsZoomed
IsIconic
MsgWaitForMultipleObjects
GetMessageW
TranslateAcceleratorW
SetFocus
GetFocus
EnumChildWindows
PostMessageW
DefFrameProcW
LoadImageW
SetCursor
SystemParametersInfoW
GetKeyState
GetCursorPos
IsChild
DestroyIcon
CreateIconFromResourceEx
CreateIconFromResource
CharUpperW
gdi32
GetStockObject
DeleteObject
CreateDCW
GetDeviceCaps
CreateFontW
DeleteDC
CreateSolidBrush
CreatePatternBrush
SetBkMode
SetTextColor
SetBkColor
SelectObject
GetObjectType
GetObjectW
ExcludeClipRect
CreateCompatibleBitmap
CreateCompatibleDC
StretchBlt
CreateDIBSection
GetObjectA
GetDIBits
BitBlt
CreateBitmap
SetPixel
SetStretchBltMode
SetBrushOrgEx
SetDIBits
advapi32
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
GetUserNameW
RegOpenKeyExW
RegConnectRegistryW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
comctl32
InitCommonControlsEx
ImageList_SetBkColor
ImageList_GetIcon
ImageList_GetIconSize
ImageList_Destroy
ImageList_Remove
ImageList_AddMasked
ImageList_Create
ImageList_Add
ImageList_ReplaceIcon
ole32
CoInitialize
CoCreateInstance
CoUninitialize
CoCreateGuid
StringFromGUID2
CoTaskMemFree
RevokeDragDrop
shell32
ExtractIconW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteExW
winmm
timeEndPeriod
timeBeginPeriod
imagehlp
MakeSureDirectoryPathExists
setupapi
SetupIterateCabinetW
Sections
.code: Size 35KB, Virtual size 35KB (IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ)
.text: Size 161KB, Virtual size 161KB (IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ)
.rdata: Size 21KB, Virtual size 21KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
.data: Size 200KB, Virtual size 204KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE)
.rsrc: Size 26KB, Virtual size 26KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
manifest.json