Static task: static1
Behavioral task: behavioral1
Sample: kg.exe
Resource: win7-20230712-en
Behavioral task: behavioral2
Sample: kg.exe
Resource: win10v2004-20230703-en
General
Target: KG_WIN.ZIP
Size: 272KB
MD5: 0b214a9d1831ec23c88c19628de28398
SHA1: 0306df969d944258240590854d5babc3c9955516
SHA256: b597eb53f62e70ccd37092d27c12d6ab957868a2531da4250fa2af2097c37151
SHA512: a21e4eda3ce0a5c58fa02e4a85f9400ff66149ff357387c47c78aac988b62e8082399e46354972e5150be7e381f0a3030d0f5c9bb7189cc5c2bb93a3d599c438
SSDEEP: 6144:EBJNYE6YMb91gB7+2soyMBxyikd2NOWlQl1pGKZzIB9ymRoVi4DRy8xS:EBJNx6YMbXgB7+FKkikANO1l6KZzIqE7
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: unpack001/kg.exe
Files
KG_WIN.ZIP.zip
kg.exe.exe windows x86
009fe6767545ae516440d8eb5e027c7b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32: GetModuleHandleA, GetProcAddress
msvcrt: pow
ole32: RevokeDragDrop
gdiplus: GdipFree
user32: GetDC
gdi32: BitBlt
comctl32: ImageList_Add
Sections
.MPRESS1 Size: 224KB - Virtual size: 1.0MB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_CNT_UNINITIALIZED_DATA
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.MPRESS2 Size: 3KB - Virtual size: 3KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_CNT_UNINITIALIZED_DATA
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.rsrc Size: 139KB - Virtual size: 139KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE