Static task
static1
Behavioral task
behavioral1
Sample
dbb595e6f3053adb3b49f0e29a045a20682142086277bde01b9d498a809767c3.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
dbb595e6f3053adb3b49f0e29a045a20682142086277bde01b9d498a809767c3.exe
Resource
win10v2004-20230703-en
General
-
Target
3323caab86076c122532d5485106ead9.bin
-
Size
98KB
-
MD5
214a94c3d5064cbf13bdd37a285a319f
-
SHA1
03bdc7d2fdccf6fb652c1de371445d963bc79248
-
SHA256
ae36aa268e8d55a925dcb2ba968cad45e0159c8d3e882dd1aed9f82721abdbcf
-
SHA512
c85ef93e8f39f52f988a7f98fd138d8b80173d6cbc1d4ca401f54e56442bf515ce93b2ea0240520e0eb416648d371e06cd82cf80ef9579323117fd97c0bfffff
-
SSDEEP
3072:icWgEZ7kuSoDxS/l8octTDd3jdPQ/5b+nD:ixgKJSoDxIK9d85ynD
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/dbb595e6f3053adb3b49f0e29a045a20682142086277bde01b9d498a809767c3.exe
Files
-
3323caab86076c122532d5485106ead9.bin.zip
Password: infected
-
dbb595e6f3053adb3b49f0e29a045a20682142086277bde01b9d498a809767c3.exe.exe windows x64
Password: infected
3dc6f4eb746aeda0bc22bdb257ef909d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
VirtualProtect
Sleep
LockResource
LoadResource
FindResourceW
GetModuleHandleW
CreateFileW
CloseHandle
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
RtlUnwindEx
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
GetStdHandle
WriteFile
GetModuleFileNameW
GetCurrentProcess
ExitProcess
TerminateProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
GetProcessHeap
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
HeapSize
HeapReAlloc
WriteConsoleW
user32
FindWindowW
MessageBoxW
Sections
.text Size: 83KB - Virtual size: 82KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 165KB - Virtual size: 165KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ