Static task: static1

Behavioral task: behavioral1
Sample: 3d84a68533d4819220e90ef513faecbc0a6e809918c25175684c1787051b3dff.exe
Resource: win7-20230824-en

Behavioral task: behavioral2
Sample: 3d84a68533d4819220e90ef513faecbc0a6e809918c25175684c1787051b3dff.exe
Resource: win10v2004-20230703-en
General
Target: 3d84a68533d4819220e90ef513faecbc0a6e809918c25175684c1787051b3dff
Size: 299KB
MD5: ee3ec0be2a8a670409b9833eff190d03
SHA1: 42c2473c731d7653602cdb1741e985944373398c
SHA256: 3d84a68533d4819220e90ef513faecbc0a6e809918c25175684c1787051b3dff
SHA512: 86d3ad9e2c931a652fc3f5c40dc5411e6ac0ea91edf7075bc3b5385e22957da5e443c2e4fcc7a3342403630a53aa3bf74498d7668f5f19e61b15141c88ec2315
SSDEEP: 6144:bCsuQEbVzW10zxYSx6n2nIheW4eVZUx4ilO18prle3sphM:bCsuQSVzU+42na4eVZXIO18ve3c
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3d84a68533d4819220e90ef513faecbc0a6e809918c25175684c1787051b3dff
Files
3d84a68533d4819220e90ef513faecbc0a6e809918c25175684c1787051b3dff.exe windows x86
7a11aacb7e7dbf49e6307f22fe50a7b4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
EnterCriticalSection
DeleteCriticalSection
GetProcAddress
GetModuleHandleA
MoveFileExA
Sleep
WideCharToMultiByte
MultiByteToWideChar
FormatMessageW
GetLastError
SetLastError
SleepEx
LeaveCriticalSection
CloseHandle
VerSetConditionMask
VerifyVersionInfoW
SetEnvironmentVariableA
CompareStringW
CreateFileW
GetDriveTypeW
GetStringTypeW
LCMapStringW
WriteConsoleW
HeapSize
InitializeCriticalSection
GetTickCount
QueryPerformanceCounter
GetTempPathA
FindClose
FindFirstFileA
CreateDirectoryA
GlobalUnlock
GlobalLock
WaitForSingleObject
GlobalSize
LoadLibraryW
GetTimeZoneInformation
RtlUnwind
GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
GetProcessHeap
SetEndOfFile
SetStdHandle
FlushFileBuffers
IsProcessorFeaturePresent
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
SetFilePointer
GetConsoleMode
GetConsoleCP
GetCurrentProcessId
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
DeleteFileA
TlsAlloc
InitializeCriticalSectionAndSpinCount
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetCommandLineA
HeapSetInformation
GetStartupInfoW
HeapReAlloc
GetFileType
CreateFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
GetFileAttributesA
ExitThread
GetCurrentThreadId
CreateThread
GetTimeFormatA
GetDateFormatA
ReadFile
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
GetModuleHandleW
ExitProcess
DecodePointer
WriteFile
GetStdHandle
GetModuleFileNameW
EncodePointer
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
user32
AddClipboardFormatListener
DispatchMessageA
DefWindowProcA
CreateWindowExA
RemoveClipboardFormatListener
GetClipboardData
SetWindowLongA
TranslateMessage
SetTimer
CloseClipboard
GetMessageA
OpenClipboard
advapi32
CryptEncrypt
CryptImportKey
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptGetHashParam
CryptGenRandom
CryptAcquireContextA
CryptReleaseContext
CryptDestroyKey
ws2_32
select
__WSAFDIsSet
htonl
htons
WSAGetLastError
closesocket
ntohs
WSASetLastError
setsockopt
send
getsockopt
WSAStartup
WSAIoctl
socket
bind
recv
getsockname
connect
getpeername
accept
listen
freeaddrinfo
ioctlsocket
WSACloseEvent
getaddrinfo
Sections
.text Size: 242KB - Virtual size: 241KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 37KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 436B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ