Static task
static1
Behavioral task
behavioral1
Sample
5f076dfb7a232162dd75ee5789a40c6807948538d5b627e9f56d1478f309fc46.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
5f076dfb7a232162dd75ee5789a40c6807948538d5b627e9f56d1478f309fc46.exe
Resource
win10v2004-20230703-en
General
-
Target
5f076dfb7a232162dd75ee5789a40c6807948538d5b627e9f56d1478f309fc46
-
Size
326KB
-
MD5
aa2f665ebd43529bde64c59d458c3c81
-
SHA1
1681cdb49bba66bde1ed79f6de5a98bee88bf5b4
-
SHA256
5f076dfb7a232162dd75ee5789a40c6807948538d5b627e9f56d1478f309fc46
-
SHA512
ac76cc480d68631527459c1207de9836363d1e68a2a0b457e687960835e9811343b1886007f812419a28851eeafc46502f02e4810afe8f04f5d75ad8310121e8
-
SSDEEP
6144:6YmgKsXuKcG5/IgEoB+9YcOs8sQbEZafLscc:6YPXuDG5/IgEo89YcOlsCzb
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 5f076dfb7a232162dd75ee5789a40c6807948538d5b627e9f56d1478f309fc46
Files
-
5f076dfb7a232162dd75ee5789a40c6807948538d5b627e9f56d1478f309fc46.exe windows x86
25eb69ad916194a402c5c3e752d5de5e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
WSAEnumProtocolsA
WSASetLastError
fbclient
ord151
ord37
fb_get_master_interface
ord248
ord249
ord152
ord145
ord144
ord139
ord119
ord118
ord113
ord108
ord250
ord51
ord1
ord44
ord42
ord157
ord176
ord168
ord166
ord162
ord158
ord156
ord116
ord259
ord169
ord160
ord115
ord83
ord128
ord122
ord103
fb_interpret
fb_shutdown
msvcp140
?_Xbad_alloc@std@@YAXXZ
?_Xbad_function_call@std@@YAXXZ
_Mbrtowc
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?_W_Getdays@_Locinfo@std@@QBEPBGXZ
?_W_Getmonths@_Locinfo@std@@QBEPBGXZ
vcruntime140
_purecall
__CxxFrameHandler3
memmove
memcpy
__std_exception_destroy
_CxxThrowException
__std_terminate
memset
__std_exception_copy
strchr
memchr
strstr
_except_handler4_common
__std_type_info_destroy_list
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
setlocale
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
__p___argc
_invalid_parameter_noinfo_noreturn
_exit
exit
terminate
_initterm
_get_initial_narrow_environment
_controlfp_s
_set_app_type
_seh_filter_exe
_cexit
_crt_at_quick_exit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_crt_atexit
_configure_narrow_argv
_seh_filter_dll
_errno
abort
_initterm_e
__p___argv
_initialize_narrow_environment
strerror
api-ms-win-crt-convert-l1-1-0
atoi
api-ms-win-crt-stdio-l1-1-0
_getcwd
_get_osfhandle
_sopen_dispatch
fopen
_close
fclose
_set_fmode
__p__commode
_write
_fileno
__stdio_common_vsscanf
__acrt_iob_func
_isatty
feof
getc
__stdio_common_vsprintf
__stdio_common_vfprintf
fwrite
fflush
getchar
ferror
_read
api-ms-win-crt-string-l1-1-0
_strnicmp
isalpha
strncpy
isdigit
strncmp
toupper
api-ms-win-crt-heap-l1-1-0
_set_new_mode
calloc
api-ms-win-crt-environment-l1-1-0
_putenv_s
getenv
getenv_s
api-ms-win-crt-filesystem-l1-1-0
_fstat64i32
_access
_unlink
_mkdir
_stat64i32
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-time-l1-1-0
_ftime64
api-ms-win-crt-math-l1-1-0
__setusermatherr
_except1
mpr
WNetCloseEnum
WNetGetUniversalNameA
WNetEnumResourceA
WNetOpenEnumA
kernel32
ReadFile
WideCharToMultiByte
MultiByteToWideChar
WriteFile
VirtualAlloc
VirtualFree
GetLastError
InitializeCriticalSection
InitializeSListHead
GetCurrentThreadId
GetStartupInfoW
IsDebuggerPresent
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetSystemInfo
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
GetVersion
LocalAlloc
LocalFree
GetProcessTimes
GetCurrentProcess
CloseHandle
lstrcmpA
lstrlenA
CreateEventA
LoadLibraryA
GetTempPathA
GetModuleFileNameA
GetFullPathNameA
GetDriveTypeA
LoadLibraryExA
SetErrorMode
FileTimeToSystemTime
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
CreateSemaphoreA
ReleaseSemaphore
SetEvent
SetConsoleCtrlHandler
GetVolumeInformationA
GetFileAttributesA
CreateFileA
CreateDirectoryA
SystemTimeToFileTime
GetSystemTime
SetFileTime
GetFileInformationByHandle
FindNextFileA
FindFirstFileA
FindClose
GetComputerNameA
WaitForSingleObject
GetCurrentProcessId
OpenProcess
SetConsoleMode
GetConsoleMode
QueryPerformanceFrequency
QueryPerformanceCounter
SetEnvironmentVariableA
GetEnvironmentVariableA
UnhandledExceptionFilter
GetModuleHandleA
SetFilePointer
user32
MessageBoxA
CharLowerBuffA
CharUpperBuffA
advapi32
SetEntriesInAclA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
SetNamedSecurityInfoA
GetNamedSecurityInfoA
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
SetSecurityInfo
GetSecurityInfo
CreateWellKnownSid
GetUserNameA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
ConvertStringSecurityDescriptorToSecurityDescriptorA
ConvertSidToStringSidA
ole32
CoCreateGuid
Sections
.text Size: 260KB - Virtual size: 260KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 59KB - Virtual size: 59KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ