Static task: static1
Behavioral task: behavioral1 (sample: mal.exe, resource: win7-20230712-en)
Behavioral task: behavioral2 (sample: mal.exe, resource: win10v2004-20230703-en)
General
Target: mal.exe
Size: 13.3MB
MD5: 4772b356c1d753fec83afe4b1095cdbb
SHA1: ab0bb8555c6f1ae10bbf2569221d1e5da8a6f2ed
SHA256: fd31523ca4007b3dbbe292fbeeddd80af666c8e272790c8de417d74c4137560d
SHA512: 072e46980a864ec34d298122e9aba434727f9a0e848ab607d62fbc398c00f034ac20c9b5bbcfaa934fc6126d49d2515a15aeba2fa7684be2eb5ab39aea6f6ede
SSDEEP: 24576:l5jiNJYEgai+Wy3m75v7tXUsoJ1+E/XZuHQAbnmCB7WwiV0mNhUoYs06Ur613Af9:sTgai+73mt7tXUsW/XgHQHS720mNW/
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature. Resource: mal.exe
Files
mal.exe.exe windows x64 3dfa11485171cfef127e8b3a8a355682
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
OutputDebugStringW
FlushViewOfFile
CreateFileA
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
CloseHandle
GetSystemInfo
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
LocalFree
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
LoadLibraryA
GetProcAddress
CreateDirectoryW
GetCurrentProcess
GetUserDefaultUILanguage
GetTimeZoneInformation
GetModuleHandleW
CopyFileW
QueryFullProcessImageNameW
GetComputerNameA
AreFileApisANSI
ReadFile
TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
WriteFile
GetCurrentDirectoryW
GetFileAttributesA
GetLastError
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
Sleep
MultiByteToWideChar
HeapSize
HeapValidate
ReadConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetConsoleMode
GetConsoleOutputCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SetFilePointerEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
SetStdHandle
RtlUnwind
LoadLibraryExW
UnmapViewOfFile
GetCurrentThreadId
GetFileAttributesW
CreateFileW
WaitForSingleObject
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
InitializeCriticalSection
LeaveCriticalSection
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
GetFileAttributesExW
TlsFree
TlsSetValue
WriteConsoleW
TlsGetValue
TlsAlloc
RaiseException
RtlPcToFileHeader
RtlUnwindEx
GetFileSizeEx
VerifyVersionInfoW
VerSetConditionMask
SleepEx
WaitForMultipleObjects
PeekNamedPipe
GetFileType
GetStdHandle
GetEnvironmentVariableA
MoveFileExA
SetLastError
InitializeCriticalSectionEx
EncodePointer
DecodePointer
GetStringTypeW
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
InitializeSListHead
TerminateProcess
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
user32
GetKeyboardLayout
PostMessageW
EnumWindows
FindWindowW
SwitchToThisWindow
GetWindowTextW
GetClassNameW
advapi32
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
RegOpenKeyExW
CheckTokenMembership
FreeSid
RegSetValueExW
RegCreateKeyExW
AllocateAndInitializeSid
RegCloseKey
RegQueryValueExW
shell32
CommandLineToArgvW
ShellExecuteExW
SHGetKnownFolderPath
ole32
CoTaskMemFree
urlmon
ObtainUserAgentString
ws2_32
connect
htonl
accept
select
__WSAFDIsSet
socket
htons
WSAIoctl
setsockopt
WSACleanup
WSAStartup
WSASetLastError
ntohs
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
getsockopt
listen
recv
getaddrinfo
freeaddrinfo
recvfrom
sendto
getpeername
ioctlsocket
gethostname
getsockname
bind
crypt32
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CryptDecodeObjectEx
wldap32
ord41
ord50
ord26
ord60
ord211
ord217
ord143
ord27
ord22
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord45
ord46
bcrypt
BCryptGenRandom
Sections
.text Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 265KB - Virtual size: 265KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 11.5MB - Virtual size: 11.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 63KB - Virtual size: 63KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ