Static task
static1
Behavioral task
behavioral1
Sample
c2a2a609fd72d55c11f810577c29c7d85f92da64ac1594420fc32eb2f5a5ddb4.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
c2a2a609fd72d55c11f810577c29c7d85f92da64ac1594420fc32eb2f5a5ddb4.exe
Resource
win10v2004-20230220-en
General
-
Target
b7578171f9622fe509960bbd05214a6c.bin
-
Size
147KB
-
MD5
4cb0538b75360c884bd09eac2e32301e
-
SHA1
ed5f55c55c9cff7b5ac668251e73fd8beadf42ae
-
SHA256
7c9b70a2a5a2973c187221d35d93ab7b02c0328e889e5542edd1774f893afa5f
-
SHA512
afc9385461f3a24ee2f3c0c3760a7a38333b6cdd52836815de16675f9c649b47ef161fee8f990171a5edac8f88e2a3c067b503d2112deecd937479185254544f
-
SSDEEP
3072:O66TfbEUJLbbYzRZEF7qxh+F+UOOJYj1yuvVgNtxrBcd4B/qP6:efbEUJXbYzgFV+uQvdg7x9c406
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/c2a2a609fd72d55c11f810577c29c7d85f92da64ac1594420fc32eb2f5a5ddb4.exe
Files
-
b7578171f9622fe509960bbd05214a6c.bin.zip
Password: infected
-
c2a2a609fd72d55c11f810577c29c7d85f92da64ac1594420fc32eb2f5a5ddb4.exe.exe windows x86
Password: infected
8de2fe168308519536adb42b2323eb66
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ConvertThreadToFiber
InterlockedIncrement
InterlockedDecrement
WaitNamedPipeA
SetMailslotInfo
QueryDosDeviceA
SetComputerNameW
GetModuleHandleW
EnumTimeFormatsW
SetProcessPriorityBoost
GetPrivateProfileIntA
GetPrivateProfileStructW
GetSystemPowerStatus
GetCalendarInfoW
GetConsoleAliasExesLengthW
GetFileAttributesW
WriteConsoleW
GetModuleFileNameW
lstrcatA
CompareStringW
GetVolumePathNameA
GetShortPathNameA
GetProfileIntA
GetLastError
GetProcAddress
GetDriveTypeW
SearchPathA
ResetEvent
OpenWaitableTimerA
LoadLibraryA
GetProcessId
InterlockedExchangeAdd
LocalAlloc
SetCalendarInfoW
FindFirstVolumeMountPointW
AddAtomW
SetSystemTime
GlobalWire
FindNextFileA
EnumDateFormatsA
CreateIoCompletionPort
GetModuleHandleA
FreeEnvironmentStringsW
CreateMailslotA
EnumDateFormatsW
OpenSemaphoreW
TerminateJobObject
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
MoveFileWithProgressW
EnumCalendarInfoExA
EnumSystemLocalesW
AreFileApisANSI
GlobalDeleteAtom
AttachConsole
GlobalFix
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
HeapFree
HeapAlloc
DeleteFileA
HeapReAlloc
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
RtlUnwind
LCMapStringW
MultiByteToWideChar
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
HeapCreate
ExitProcess
WriteFile
GetStdHandle
SetFilePointer
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetModuleFileNameA
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoW
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
GetConsoleCP
GetConsoleMode
LoadLibraryW
SetStdHandle
FlushFileBuffers
CreateFileW
CloseHandle
gdi32
GetCharABCWidthsA
SelectObject
Sections
.text Size: 91KB - Virtual size: 90KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 77KB - Virtual size: 2.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 69KB - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ