Static task
static1
Behavioral task
behavioral1
Sample
8a6ae1473ccc11746429b4bf386723bc401aa7fba438e73dc6755f7ed134aa81.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
8a6ae1473ccc11746429b4bf386723bc401aa7fba438e73dc6755f7ed134aa81.exe
Resource
win10v2004-20230703-en
General
Target
8a6ae1473ccc11746429b4bf386723bc401aa7fba438e73dc6755f7ed134aa81
Size
386KB
MD5
fbfe385405669c83bd3bc3b54b701aff
SHA1
dd7c2de334687fea177ff30e4b6c1f35c02f7389
SHA256
8a6ae1473ccc11746429b4bf386723bc401aa7fba438e73dc6755f7ed134aa81
SHA512
3a4b40015fad8624fb3ba735178e49724e979a7d98264e05e130308827d885e5b1294475fc55d5ef770e1a1d7b8025f7323e0f3198923d4afad83b28063756db
SSDEEP
6144:gxSf320AjL2c9+j4HQEezaFJFhmfbNPgS/WTluIQ0hL0dxjgomjXAO+4d:USPlt3j4m2FJFhwgRbQ0q0omjXF
Malware Config
Signatures
Files
8a6ae1473ccc11746429b4bf386723bc401aa7fba438e73dc6755f7ed134aa81.exe windows x86
aa4286323dc2d9b84b96d4f0bc1da419
Code Sign
5b:a6:54:70:86:fb:79:8a:48:18:dd:04:12:85:97:9a
Certificate
Issuer
CN=Adobe Inc.,C=US
Not Before
10-03-2023 16:27
Not After
30-12-2025 16:00
Subject
CN=Adobe Inc.,C=US
7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate
Issuer
CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US
Not Before
12-01-2016 00:00
Not After
11-01-2031 23:59
Subject
CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate
Issuer
CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US
Not Before
23-12-2017 00:00
Not After
22-03-2029 23:59
Subject
CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
47:22:d8:8f:aa:fa:a4:cf:4c:52:88:5b:96:c9:72:44:f1:fa:5c:96
Signer
Actual PE Digest
47:22:d8:8f:aa:fa:a4:cf:4c:52:88:5b:96:c9:72:44:f1:fa:5c:96
Digest Algorithm
sha1
PE Digest Matches
true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
VirtualProtect
GetLastError
GetProcAddress
Sleep
WriteConsoleW
HeapSize
SetStdHandle
GetProcessHeap
MapViewOfFile
CreateFileMappingW
lstrcmpiA
lstrcpyW
FreeLibrary
K32GetModuleInformation
GetModuleHandleW
CloseHandle
lstrcatW
CreateFileW
GetCurrentProcess
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
ReadConsoleW
ReadFile
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
WideCharToMultiByte
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetStringTypeW
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
RtlUnwind
RaiseException
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
HeapFree
HeapAlloc
GetFileType
GetFileSizeEx
SetFilePointerEx
CompareStringW
LCMapStringW
Sections
.text Size: 324KB - Virtual size: 324KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 52KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ