Static task: static1
Behavioral task: behavioral1
Sample: thegradcafe.exe
Resource: win7-20230831-en
General
Target: 69ce9bbdf3bd19b420ae8649e8c14348ca006db84643d2d7e16ee890e0fa706c.zip
Size: 220KB
MD5: e8b79ed5a785d48bca5cfa1bc5e048a5
SHA1: dff912acb42c27a46dd2f99d504ff0e4727cfe16
SHA256: f30c5ed2af4436ac9fd0a2111f8893a91c9062329039f0ed2855319d8c24d1df
SHA512: cf6c031cc387602924c3849e16cd9d35481c8e84f9d7875d8c3b46db367d7150bdf09210c3875d9136502c5b7c3c67882a5be3d4832d7c3374fc294ccd0bed21
SSDEEP: 6144:njAJpJ9l2Lyuq0biRX8pefY2tEvs/EB9OFWiCStoNIIIg83d:jAJG+dimyey9I9oNWt
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
Processes: resource unpack002/thegradcafe.exe
Files
69ce9bbdf3bd19b420ae8649e8c14348ca006db84643d2d7e16ee890e0fa706c.zip.zip (Password: infected)
69ce9bbdf3bd19b420ae8649e8c14348ca006db84643d2d7e16ee890e0fa706c.zip (Password: infected)
thegradcafe.exe.exe windows x86 (Password: infected) MD5: e42eabfadf9f96d4882573fb3a454a32
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_NO_SEH, IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32: shutdown
gdi32: GetOutlineTextMetricsW, LineTo, ExtCreateRegion, GdiSetBatchLimit, GetBrushOrgEx, EqualRgn, FrameRgn
kernel32: GetModuleFileNameA, VirtualFreeEx, GetUserDefaultLangID, FillConsoleOutputCharacterA, EnumSystemGeoID, GetCompressedFileSizeA, LockFile, FormatMessageW, DeviceIoControl, GetFileTime, GetNLSVersion, LoadLibraryW, GetConsoleTitleA, GetModuleHandleA, GlobalFindAtomA, GetCurrentConsoleFont, VirtualUnlock, FormatMessageA, EnumResourceNamesW, GlobalAddAtomA, GetVolumeNameForVolumeMountPointW, GetStringTypeExW, Module32NextW, DeleteCriticalSection, GetStringTypeExA, DefineDosDeviceW, GetVolumePathNameW, GetLogicalDrives, LockFileEx, DeleteTimerQueue, GetLastError, GetModuleFileNameW, GetComputerNameExW, VirtualProtectEx
user32: GetCursor, GetFocus, IsZoomed, GetSystemMenu, GetUpdateRect, FindWindowA, DialogBoxParamW, DrawStateW, InsertMenuItemA, DeferWindowPos, LoadCursorA, GetMessagePos, GetProcessDefaultLayout, GetTitleBarInfo, GetDlgCtrlID
advapi32: GetFileSecurityA, LookupPrivilegeDisplayNameA, LockServiceDatabase
mscms: GetStandardColorSpaceProfileW
msvcrt: vfwprintf, tolower, free
secur32: DeleteSecurityContext
shell32: FindExecutableA
wininet: DeleteUrlCacheEntryW, FindFirstUrlCacheEntryW
powrprof: GetCurrentPowerPolicies
urlmon: MkParseDisplayNameEx
winspool.drv: DeletePrinterDriverExW
comdlg32: GetFileTitleW
Sections
.text (Size: 96KB, Virtual size: 95KB): IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata (Size: 240KB, Virtual size: 239KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data (Size: 36KB, Virtual size: 45KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata (Size: 8KB, Virtual size: 4KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc (Size: 4KB, Virtual size: 1KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc (Size: 8KB, Virtual size: 6KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ