Static task
static1
Behavioral task
behavioral1
Sample
66c966d26c94bc30ec28b4ffa3724134e9f14c4b9c6a74add6fa4169b0896cc1.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
66c966d26c94bc30ec28b4ffa3724134e9f14c4b9c6a74add6fa4169b0896cc1.exe
Resource
win10v2004-20230220-en
General
Target
66c966d26c94bc30ec28b4ffa3724134e9f14c4b9c6a74add6fa4169b0896cc1
Size
150KB
MD5
49e946a045391cc33a2c549488fd0b82
SHA1
51271daa6828d7eecf5ba5221681941676f8afbd
SHA256
66c966d26c94bc30ec28b4ffa3724134e9f14c4b9c6a74add6fa4169b0896cc1
SHA512
eb96ad29b2754fa003dad3f230f1c29093c986ef5f6a2abc7a876a3f6d3015dbd448c5352ace8bb5365c51c72f06df4bdc70376e82fc44d245f0f50e74d325ab
SSDEEP
3072:62DANqenCanyFfpIrf6bmQ3ujpMgF4Zcppg+7hPUz3Gxz:62DANb8fZb26cIgUzWxz
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 66c966d26c94bc30ec28b4ffa3724134e9f14c4b9c6a74add6fa4169b0896cc1
Files
66c966d26c94bc30ec28b4ffa3724134e9f14c4b9c6a74add6fa4169b0896cc1.exe windows x86
ae9e41d35731f36fef1be4de74227b6c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
DeleteCriticalSection
FreeLibrary
GetProcAddress
GetModuleHandleW
lstrcmpiW
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleFileNameW
RaiseException
GetCurrentThreadId
CloseHandle
CreateFileW
SetFilePointerEx
DecodePointer
GetConsoleOutputCP
FlushFileBuffers
GetStringTypeW
SetStdHandle
InitializeCriticalSectionAndSpinCount
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetConsoleMode
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
ExitProcess
GetLastError
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
WriteConsoleW
FindNextFileW
FindFirstFileExW
FindClose
WriteFile
GetFileType
EncodePointer
InitializeSListHead
GetCurrentProcess
IsProcessorFeaturePresent
IsDebuggerPresent
OutputDebugStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
GetStdHandle
user32
MessageBoxW
DestroyWindow
DefWindowProcW
CharNextW
advapi32
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegOpenKeyW
RegDeleteValueW
RegCreateKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
ole32
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemFree
oleaut32
VarUI4FromStr
comctl32
InitCommonControlsEx
Sections
.text Size: 64KB - Virtual size: 63KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 49KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ