Static task
static1
General
Target: lab_malware01.exe
Size: 56KB
MD5: 2de244d4bf9851367108fa5d80729aaf
SHA1: 97f5b077dacd15fc79208a8e7262d1e12ec874ed
SHA256: b1aca7a507851f993ed3e3ccca1c9901a3a4eb4014e8b554d763d7f84bd9fdfc
SHA512: 59ef3c0f041a0c8bbf58d7dfc7facf3371c243a7d32a39fd346cbba30e27a5684d606c0e956e4e0fa9ff8687b6eb0521171fed1063414607feda7e339e415f05
SSDEEP: 768:AYm5ffvSf8nUsLhqF8DmgNcyZshbVH5EBJkKq05iDy6PyLU/5LC:tUffveAgFy6hbVZEPk25cya5LC
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: lab_malware01.exe
Files
lab_malware01.exe.exe windows x86
01e8f9671a2db904c2eae26b02070366
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges
kernel32
GetCurrentProcess
GetModuleHandleA
Process32Next
GetPriorityClass
OpenProcess
CloseHandle
Process32First
CreateToolhelp32Snapshot
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetStdHandle
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetFileType
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
SetFilePointer
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
HeapAlloc
VirtualAlloc
HeapReAlloc
CreateFileA
FlushFileBuffers
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
Sections
.funny_f Size: 512B - Virtual size: 335B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.text Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE