Static task
static1
Behavioral task
behavioral1
Sample
4d332193f06e1dd87e811daf830f5a243b95bd87c6c47cf788b07513a07c7856.exe
Resource
win7-20230703-en
Behavioral task
behavioral2
Sample
4d332193f06e1dd87e811daf830f5a243b95bd87c6c47cf788b07513a07c7856.exe
Resource
win10v2004-20230703-en
General
-
Target
4d332193f06e1dd87e811daf830f5a243b95bd87c6c47cf788b07513a07c7856
-
Size
810KB
-
MD5
9185cb1d14d70defb8e8cb1be18258e8
-
SHA1
901bb54c28fbf12eae82e272e2cf48ab14dad181
-
SHA256
4d332193f06e1dd87e811daf830f5a243b95bd87c6c47cf788b07513a07c7856
-
SHA512
1cc0c7a44fc9c99c71ddbe77a22603c7673a10ceb8a8d075aaae8c6e14a66bda9d5054dad869c2c5ea91d2c6ece4f83eef3587b7f0853281ca6d923bd64f09cf
-
SSDEEP
12288:FPQnwOJJRddLRSW3QzrqCk0wJzm3ViTGEEEEtMfEO4QJp+Dj:F4nwsdLlQzrqCk0wJzm3gTGVd0paj
Malware Config
Signatures
-
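Unsigned PE (1 IoC)
Checks for missing Authenticode signature. A missing signature is a weak indicator on its own, since much legitimate software ships unsigned; corroborate this finding with the behavioral tasks before treating the sample as malicious.
resource 4d332193f06e1dd87e811daf830f5a243b95bd87c6c47cf788b07513a07c7856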
Files
-
4d332193f06e1dd87e811daf830f5a243b95bd87c6c47cf788b07513a07c7856.exe windows x86
f7e0a21430fbf41ac76bc679ff65bcee
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
crypt32
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptQueryObject
CryptMsgClose
CertGetNameStringW
kernel32
CreateFileW
GetLocalTime
GetCurrentThreadId
CloseHandle
GetCurrentProcessId
GetUserDefaultLangID
FreeLibrary
HeapAlloc
HeapFree
GetModuleHandleW
GetProcessHeap
OpenProcess
LoadLibraryW
GetLastError
GetProcAddress
GetModuleFileNameW
WriteFile
FileTimeToLocalFileTime
GetEnvironmentVariableW
VirtualQuery
GetLogicalDriveStringsW
QueryDosDeviceW
CreateFileMappingW
GlobalMemoryStatusEx
SetLastError
InterlockedExchange
DeviceIoControl
ResumeThread
InitializeCriticalSectionAndSpinCount
GetTickCount
InterlockedExchangeAdd
OutputDebugStringW
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetFilePointer
GetTempPathW
FileTimeToSystemTime
DecodePointer
GetFileSizeEx
LocalFree
EncodePointer
IsProcessorFeaturePresent
IsDebuggerPresent
GetFileTime
ReadFile
SetEndOfFile
GetFileSize
FindNextFileW
FindClose
SetFileAttributesW
DeleteFileW
GetCurrentDirectoryW
lstrlenW
GetFileAttributesW
SetFileTime
CreateDirectoryW
GetFullPathNameW
LoadLibraryExW
lstrcmpiW
GetSystemInfo
LockResource
GetVersionExW
LoadResource
FindResourceW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
ReleaseMutex
CreateMutexW
MultiByteToWideChar
GetACP
OpenFileMappingW
UnmapViewOfFile
MapViewOfFile
CreateEventW
ResetEvent
Sleep
SetEvent
WaitForMultipleObjects
WaitForSingleObject
CreateProcessW
WideCharToMultiByte
SearchPathW
ExpandEnvironmentStringsW
GetFileAttributesExW
GetLongPathNameW
FindFirstFileW
FormatMessageW
msvcp120
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Winerror_map@std@@YAPBDH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
?_BADOFF@std@@3_JB
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
msvcr120
??1type_info@@UAE@XZ
_XcptFilter
__crtGetShowWindowMode
_amsg_exit
_onexit
__set_app_type
exit
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
_wcmdln
_fmode
_commode
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__CxxFrameHandler3
_except_handler4_common
__crtSetUnhandledExceptionFilter
_invoke_watson
_controlfp_s
__dllonexit
_calloc_crt
_unlock
_lock
wcsncpy
wcstoul
_wcsicmp
_beginthreadex
swscanf_s
?terminate@@YAXXZ
_splitpath_s
_stricmp
_localtime64
_mktime64
tolower
memchr
_errno
sprintf
strstr
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
calloc
_vswprintf_c_l
_wtoi
_wcsnicmp
_time64
srand
_except1
towupper
_vsnwprintf
wcsstr
towlower
wcschr
fclose
fseek
ftell
fwrite
fread
rewind
_wfopen_s
wcsrchr
malloc
free
??_V@YAXPAX@Z
atoi
??2@YAPAXI@Z
??3@YAXPAX@Z
_purecall
memmove
__wgetmainargs
memcpy
memset
sprintf_s
_dtest
modf
_CxxThrowException
memcpy_s
rand
shell32
SHGetFolderPathW
Sections
.text Size: 611KB - Virtual size: 610KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 118KB - Virtual size: 117KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 31KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ