Static task
static1
Behavioral task
behavioral1
Sample
762674cf629454c6493e2d0793b30a67e6eb700436e590b59c749b1ed1f360d9.exe
Resource
win7-20230831-en
General
-
Target
762674cf629454c6493e2d0793b30a67e6eb700436e590b59c749b1ed1f360d9
-
Size
219KB
-
MD5
8b42cc3a3ca56a91165ef42b118e0027
-
SHA1
91d1f62b13246e7d958f431132074332fb65496f
-
SHA256
762674cf629454c6493e2d0793b30a67e6eb700436e590b59c749b1ed1f360d9
-
SHA512
033571d9ca431d186eda4349a2e1f4522a157e49d0059d8ea9a890bdef0684713e598ccc388c9cef9d96d739c00b0dde97e60b004b1298598b40568a067df21f
-
SSDEEP
6144:qH1BRexcEX6Dibjc81LRp19n6T5LKHXaEl5tM:qH11EX6DP85ZYxeaEl5t
Malware Config
Signatures
-
Unsigned PE 1 IoCs
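Checks for a missing Authenticode signature; the PE listed below is not signed. On its own this is a weak indicator, since many legitimate binaries are also unsigned.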
resource 762674cf629454c6493e2d0793b30a67e6eb700436e590b59c749b1ed1f360d9
Files
-
762674cf629454c6493e2d0793b30a67e6eb700436e590b59c749b1ed1f360d9.exe windows x86
dea125205dbb690c7ad0bc204bc3a9db
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
WaitForSingleObjectEx
GetCurrentProcess
MapViewOfFile
WideCharToMultiByte
ExitProcess
DeleteCriticalSection
CreateFileMappingA
GetProcAddress
DecodePointer
HeapAlloc
GetWindowsDirectoryA
ResetEvent
FreeConsole
RaiseException
CloseHandle
SetEvent
CreateFileA
GetLastError
Sleep
CreateEventW
ReleaseMutex
WaitForSingleObject
CreateMutexA
lstrlenA
InitializeCriticalSectionEx
LeaveCriticalSection
VirtualAlloc
EnterCriticalSection
GetCurrentThread
GetCurrentThreadId
QueryPerformanceCounter
EncodePointer
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
VirtualProtect
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
LCMapStringW
LocalFree
IsDebuggerPresent
OutputDebugStringW
GetThreadTimes
InitializeSListHead
GetCurrentProcessId
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
advapi32
GetUserNameA
OpenEventLogA
ole32
CoInitialize
CoCreateInstance
CoSetProxyBlanket
CoUninitialize
oleaut32
VariantInit
VariantClear
SysAllocString
SysFreeString
ntdll
NtUnmapViewOfSection
ucrtbase
_ismbblead
islower
_malloc_base
__strncnt
_free_base
terminate
_callnewh
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
__setusermatherr
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
_set_fmode
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
_controlfp_s
setlocale
_unlock_file
___mb_cur_max_func
ungetc
setvbuf
fwrite
_fseeki64
fsetpos
fputc
fgetpos
fgetc
fflush
_get_stream_buffer_pointers
_errno
_invalid_parameter_noinfo
_unlock_locales
_lock_locales
malloc
_invalid_parameter_noinfo_noreturn
wcslen
frexp
free
strlen
strcpy_s
__stdio_common_vfprintf
fabs
__stdio_common_vsprintf_s
strcspn
tolower
fclose
__acrt_iob_func
_recalloc
fopen
abs
cos
calloc
abort
sin
_except_handler4_common
__uncaught_exception
__CxxFrameHandler3
_CxxThrowException
memset
memchr
memcmp
_purecall
__std_exception_copy
memcpy
memmove
__std_exception_destroy
___lc_codepage_func
___lc_locale_name_func
_wcsdup
isupper
__pctype_func
_lock_file
_calloc_base
localeconv
__AdjustPointer
Sections
.text Size: 58KB - Virtual size: 57KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 1024B - Virtual size: 764B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2bx7aj3 Size: 124KB - Virtual size: 128KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ