Static task: static1
Behavioral task: behavioral1
Sample: cf1770a38ba7df85667355b42524c27a299c6bb14c368e664cdcc4d0d9bb196d.exe
Resource: win7-20230712-en
General
Target: cf1770a38ba7df85667355b42524c27a299c6bb14c368e664cdcc4d0d9bb196d
Size: 634KB
MD5: 0b0393994a4faad51d13fb76092dfdcc
SHA1: 0f085d5d02d9f099d6f26aa65f1871083f6742b7
SHA256: cf1770a38ba7df85667355b42524c27a299c6bb14c368e664cdcc4d0d9bb196d
SHA512: 8429be51d3a3393790b69512a592d4a698edf340aa304dfe54a49ab90c098c413808d04c70c610ba95730ef2d6ba86cdc4bbf6ba92b747e5c868e77640fb8df7
SSDEEP: 12288:fi9L1OGRaPwPk3oP192URyxgiaqci8aFrIF1UufJcuC7t1EK:fOsGR2gigFa21xGl
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: cf1770a38ba7df85667355b42524c27a299c6bb14c368e664cdcc4d0d9bb196d
Files
cf1770a38ba7df85667355b42524c27a299c6bb14c368e664cdcc4d0d9bb196d.exe windows x86
aa39d80200b72e245ba2317444cbd500
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FreeConsole
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
WideCharToMultiByte
SetFilePointer
ReadFile
SystemTimeToFileTime
GetTickCount
lstrcpyA
lstrcatA
LocalFileTimeToFileTime
GetFileAttributesA
CreateDirectoryA
WriteFile
SetFileTime
FindClose
GetTempPathA
lstrlenA
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
InterlockedExchange
DeleteFileA
GetCurrentDirectoryA
CloseHandle
GetLastError
CreateFileA
CreateFileW
SetEndOfFile
GetDriveTypeW
SetEnvironmentVariableA
CompareStringW
VirtualProtect
GetCurrentDirectoryW
GetFullPathNameA
SetStdHandle
FlushFileBuffers
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
QueryPerformanceCounter
GetStartupInfoW
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameW
GetLocaleInfoW
LoadLibraryW
GetTimeZoneInformation
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
HeapCreate
GetConsoleMode
GetConsoleCP
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
FindFirstFileExA
GetDriveTypeA
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentProcessId
CreateThread
GetCurrentThreadId
ExitThread
LCMapStringW
GetCPInfo
RtlUnwind
HeapSetInformation
GetSystemInfo
GetCommandLineA
VirtualQuery
ExitProcess
GetModuleHandleW
GetSystemTimeAsFileTime
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
WaitForMultipleObjects
VirtualAlloc
WriteConsoleW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
RaiseException
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
EncodePointer
DecodePointer
GetProcAddress
FreeLibrary
SetLastError
SleepEx
VerifyVersionInfoA
VerSetConditionMask
GetSystemDirectoryA
LoadLibraryA
GetModuleHandleA
WaitForSingleObject
FormatMessageA
PeekNamedPipe
user32
wsprintfA
gdi32
GetObjectA
SetDIBColorTable
DeleteObject
CreateCompatibleDC
SetPixel
SelectObject
DeleteDC
CreateDIBSection
shell32
ShellExecuteA
shlwapi
PathFindExtensionA
PathFindExtensionW
gdiplus
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImagePaletteSize
GdipGetImagePalette
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateBitmapFromScan0
GdipCloneImage
GdipAlloc
GdipFree
GdipDisposeImage
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDrawImageI
GdiplusShutdown
GdipCreateBitmapFromFileICM
GdiplusStartup
GdipSaveImageToFile
GdipCreateBitmapFromHBITMAP
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromFile
wldap32
ord46
ord41
ord27
ord301
ord33
ord79
ord32
ord200
ord30
ord26
ord50
ord60
ord143
ord211
ord22
ord35
ws2_32
WSAGetLastError
__WSAFDIsSet
select
WSAStartup
WSACleanup
recv
send
WSAIoctl
setsockopt
getsockname
ntohs
bind
htons
getsockopt
getpeername
closesocket
socket
connect
freeaddrinfo
sendto
recvfrom
accept
listen
ioctlsocket
gethostname
htonl
ntohl
WSASetLastError
getaddrinfo
crypt32
CertFreeCertificateContext
advapi32
CryptEncrypt
CryptDestroyKey
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptImportKey
Sections
.text Size: 443KB - Virtual size: 442KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 89KB - Virtual size: 89KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 92KB - Virtual size: 92KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ