Static task: static1
Behavioral task: behavioral1
Sample: 5949ecfe610184464b096f641b0e88e39082a9bbceec1b9a1a7b188bbee5e65a.exe
Resource: win7-20230831-en
General
Target: 5949ecfe610184464b096f641b0e88e39082a9bbceec1b9a1a7b188bbee5e65a
Size: 2.5MB
MD5: 8d64f009168c30eb666b7456bf32e0f3
SHA1: d58fe154350e4963e93bfca648d8791ee4109acf
SHA256: 5949ecfe610184464b096f641b0e88e39082a9bbceec1b9a1a7b188bbee5e65a
SHA512: dd9ae8504ea1c8e9907a47b51773fa3fa6a35d93009d4029af9e9c248dc05192963ea03f3df4e5f6f0de7b7677a158b463119d630e2b87fbccdf50c0f957ede9
SSDEEP: 49152:mbctL0RnRxar+nsPL5MgAD88xK4iuNTZFbrsdto5/j4vXccaPnTsDnxDfsDlJyj1:mwtkRx/sPLvY9svXHzv
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
Processes:
resource 5949ecfe610184464b096f641b0e88e39082a9bbceec1b9a1a7b188bbee5e65a
Files
5949ecfe610184464b096f641b0e88e39082a9bbceec1b9a1a7b188bbee5e65a.exe (windows x86)
d58fac7d322caaa847dbb840707d8192
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
kernel32
DeleteCriticalSection
WideCharToMultiByte
InterlockedIncrement
TlsFree
FormatMessageA
CreateEventA
OpenEventA
GetFileSizeEx
FindFirstFileA
FindNextFileA
SetEndOfFile
FindClose
CreateMutexA
UnmapViewOfFile
SwitchToThread
SetFilePointerEx
CreateFileMappingA
RemoveDirectoryA
CreateDirectoryA
GetTickCount
MapViewOfFileEx
GetProcessTimes
SetLastError
GetCurrentProcess
ReleaseSemaphore
WriteFile
DuplicateHandle
GetModuleHandleA
Sleep
CreateFileA
WaitForSingleObjectEx
GetSystemInfo
ResetEvent
GetProcAddress
GetCurrentProcessId
TlsGetValue
GetSystemTimeAsFileTime
CreateSemaphoreA
LocalFree
TlsSetValue
HeapFree
InterlockedCompareExchange
InitializeCriticalSectionAndSpinCount
GetQueuedCompletionStatus
GetCurrentThreadId
CreateEventW
HeapAlloc
VerSetConditionMask
GetProcessHeap
SleepEx
VerifyVersionInfoW
CreateIoCompletionPort
GetModuleFileNameA
GetModuleFileNameW
GetFileAttributesW
GetVersionExW
GetLocalTime
GetDriveTypeW
MultiByteToWideChar
LoadLibraryW
FreeLibrary
CreateWaitableTimerW
CancelIo
GetStdHandle
GetFileType
GetSystemTime
SystemTimeToFileTime
QueryPerformanceCounter
GlobalMemoryStatus
LoadLibraryA
FlushConsoleInputBuffer
HeapSize
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
QueueUserAPC
CloseHandle
InterlockedExchangeAdd
TlsAlloc
TerminateThread
SetEvent
GetLastError
FormatMessageW
PostQueuedCompletionStatus
ReleaseMutex
WaitForSingleObject
CreateMutexW
LeaveCriticalSection
WaitForMultipleObjects
InterlockedDecrement
EnterCriticalSection
InterlockedExchange
SetWaitableTimer
IsValidCodePage
FindFirstFileExA
SetStdHandle
ReadConsoleW
GetTimeZoneInformation
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
GetCommandLineW
GetCommandLineA
HeapReAlloc
WriteConsoleW
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
ReadFile
ExitProcess
GetModuleHandleExW
ExitThread
SetConsoleCtrlHandler
RtlUnwind
RaiseException
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
VirtualProtect
TryEnterCriticalSection
EncodePointer
DecodePointer
QueryPerformanceFrequency
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
WaitForMultipleObjectsEx
ResumeThread
GetLogicalProcessorInformation
CreateWaitableTimerA
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
DeleteFileW
GetFullPathNameW
RemoveDirectoryW
DeviceIoControl
MoveFileExW
FindFirstFileW
FindNextFileW
AreFileApisANSI
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
OutputDebugStringW
GetCurrentThread
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
VirtualAlloc
VirtualFree
user32
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
advapi32
RegOpenKeyExA
InitializeSecurityDescriptor
OpenEventLogA
CloseEventLog
ReportEventA
RegisterEventSourceA
DeregisterEventSource
SetSecurityDescriptorDacl
RegCloseKey
ReadEventLogA
RegQueryValueExA
shell32
SHGetFolderPathW
ws2_32
connect
WSARecv
getsockopt
ioctlsocket
setsockopt
WSASetLastError
getsockname
WSAAddressToStringW
freeaddrinfo
inet_addr
WSAAddressToStringA
ntohs
inet_ntoa
htonl
ntohl
WSACleanup
WSAStartup
getpeername
WSASocketW
listen
shutdown
select
WSASend
closesocket
WSAIoctl
bind
accept
__WSAFDIsSet
recv
send
getaddrinfo
WSAGetLastError
shlwapi
PathRemoveFileSpecW
Sections
.text Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 472KB - Virtual size: 471KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 62KB - Virtual size: 82KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 156KB - Virtual size: 160KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE