Static task
static1
Behavioral task
behavioral1
Sample
97ee75734f962d2d4d334ffa45bca9f5003abeeb9ebf5e68b9e8e4ccc6500437.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
97ee75734f962d2d4d334ffa45bca9f5003abeeb9ebf5e68b9e8e4ccc6500437.exe
Resource
win10v2004-20230220-en
General
Target: 97ee75734f962d2d4d334ffa45bca9f5003abeeb9ebf5e68b9e8e4ccc6500437
Size: 517KB
MD5: 26cca72f2208dafaa082025513de9793
SHA1: 3090d20c54713a763be209d47d95ce5ba11c8e35
SHA256: 97ee75734f962d2d4d334ffa45bca9f5003abeeb9ebf5e68b9e8e4ccc6500437
SHA512: 0cb1e8571a70ee9c6fcac5432b415818df05acb6388746aa193687d55c8c222d5a3887fdeba81299575c650576bf79b836ed5f87f0f6fc97757ef1cae76e2938
SSDEEP: 12288:5C02G8NtPOlHfutjBwQAhyC+j4my3YSIXwVfpAE0N:IrG8Nh4HEZAX+jWhYwVf3
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 97ee75734f962d2d4d334ffa45bca9f5003abeeb9ebf5e68b9e8e4ccc6500437
Files
97ee75734f962d2d4d334ffa45bca9f5003abeeb9ebf5e68b9e8e4ccc6500437.exe windows
cb144e1fc80fe9e61a7be5f4f8af8d6d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FreeLibrary
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess
user32
MessageBoxW
advapi32
LookupPrivilegeValueW
shlwapi
PathFileExistsW
Exports
Sections
.text Size: - Virtual size: 76KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: - Virtual size: 288B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tsl0 Size: - Virtual size: 202KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
tsl1 Size: 477KB - Virtual size: 477KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 168B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 38KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ