Static task: static1
Behavioral task: behavioral1
  Sample: 134fff2af454099f5f4e7418e695db7c9f54799e1564a104cea197257806be80.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: 134fff2af454099f5f4e7418e695db7c9f54799e1564a104cea197257806be80.exe
  Resource: win10v2004-20230915-en
General
Target: 134fff2af454099f5f4e7418e695db7c9f54799e1564a104cea197257806be80
Size: 5.7MB
MD5: 90caecb5cb04b868e3eb0f7c9f83c089
SHA1: c27461b32df90f8a5e3d96cf4744f438d7ae9f45
SHA256: 134fff2af454099f5f4e7418e695db7c9f54799e1564a104cea197257806be80
SHA512: c3e6300ab417a493cc0d771b0afbd1c51da0650974085ac22014e471e94b2c52ca632a694be3b245918bdd09f3e50ec41007dad7cd8381c141064c2612da3a4f
SSDEEP: 49152:FJzXpCBOuR/WTUgR+Ndh6v+HrMIsQwt6YjOXzcSWg+NMMbMaNobLUmuh+UDi+ANF:9YmvTnaM+dNgZgM3dNJN
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource 134fff2af454099f5f4e7418e695db7c9f54799e1564a104cea197257806be80
Files
134fff2af454099f5f4e7418e695db7c9f54799e1564a104cea197257806be80.exe windows:6 windows x64
9d2acf8dde6f520848368368ab0d0b18
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ntdll
RtlVirtualUnwind
RtlUnwindEx
RtlPcToFileHeader
RtlUnwind
NtWriteFile
NtReadFile
RtlLookupFunctionEntry
RtlCaptureContext
NtCreateFile
NtDeviceIoControlFile
RtlNtStatusToDosError
NtCancelIoFileEx
kernel32
SystemTimeToFileTime
SetEvent
EnterCriticalSection
GetCurrentThreadId
TzSpecificLocalTimeToSystemTime
WaitForSingleObject
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ResetEvent
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
RaiseException
Process32Next
EncodePointer
OpenProcess
Process32First
CreateToolhelp32Snapshot
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TlsAlloc
TlsFree
GetModuleHandleExW
GetCommandLineA
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetStdHandle
GetStringTypeW
SystemTimeToTzSpecificLocalTime
FlsAlloc
GetSystemTimeAsFileTime
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
TlsSetValue
TlsGetValue
CreateThread
WideCharToMultiByte
WriteConsoleW
MultiByteToWideChar
HeapSize
SetHandleInformation
GetCurrentProcessId
CloseHandle
GetFullPathNameW
ExitProcess
GetFileType
GetConsoleMode
GetFinalPathNameByHandleW
TryAcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
CreateMutexW
GetLastError
GetCurrentProcess
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
WriteFile
SetFileCompletionNotificationModes
SleepConditionVariableSRW
GetSystemInfo
GetConsoleOutputCP
FindFirstFileW
CreateDirectoryW
GetFileInformationByHandleEx
GetUserDefaultUILanguage
LCIDToLocaleName
GetFileInformationByHandle
LoadLibraryW
GetProcAddress
FindNextFileW
CreateMutexA
lstrlenW
WaitForSingleObjectEx
HeapReAlloc
GetFileAttributesW
CreateFileW
OutputDebugStringA
OutputDebugStringW
GetModuleFileNameW
CreateEventW
FormatMessageW
HeapAlloc
GetModuleHandleA
LoadLibraryExW
GetProcessHeap
HeapFree
Sleep
FreeLibrary
GetEnvironmentVariableW
QueryPerformanceFrequency
QueryPerformanceCounter
WakeConditionVariable
WakeAllConditionVariable
TerminateProcess
GetStdHandle
SetFilePointerEx
SetFileInformationByHandle
FlushFileBuffers
GetCommandLineW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetEnvironmentStringsW
GetCurrentDirectoryW
SetLastError
GetCurrentThread
SwitchToThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
LoadLibraryA
FindClose
ReleaseMutex
comctl32
SetWindowSubclass
DefSubclassProc
RemoveWindowSubclass
user32
ToUnicodeEx
ShowCursor
PostThreadMessageW
ClipCursor
GetClipCursor
GetActiveWindow
SetWindowLongW
EnableMenuItem
GetSystemMenu
SendMessageW
DestroyIcon
SetCapture
SetWindowLongPtrW
MsgWaitForMultipleObjectsEx
RegisterRawInputDevices
RegisterWindowMessageA
PeekMessageW
DispatchMessageA
GetMessageA
GetKeyboardLayout
CreateIcon
ReleaseCapture
SendInput
SetWindowDisplayAffinity
GetKeyboardState
AdjustWindowRectEx
IsProcessDPIAware
GetDC
GetWindowRect
GetUpdateRect
SetForegroundWindow
MonitorFromRect
GetSystemMetrics
PostMessageW
TrackMouseEvent
DestroyWindow
GetWindowLongW
GetClientRect
ClientToScreen
RegisterClassExW
GetTouchInputInfo
ScreenToClient
CloseTouchInputHandle
GetCursorPos
MonitorFromWindow
SetWindowPos
GetAsyncKeyState
SetCursor
GetMonitorInfoW
LoadCursorW
GetKeyState
EnumWindows
GetWindowThreadProcessId
IsWindowVisible
ShowWindow
MapVirtualKeyExW
TranslateMessage
GetWindowLongPtrW
GetRawInputData
ValidateRect
RedrawWindow
DispatchMessageW
SystemParametersInfoA
SetPropW
GetMenu
CreateWindowExW
IsWindow
GetWindowPlacement
SetWindowPlacement
ChangeDisplaySettingsExW
DefWindowProcW
GetMessageW
MapVirtualKeyW
EnumChildWindows
InvalidateRgn
RegisterTouchWindow
ole32
CoCreateInstance
RevokeDragDrop
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
CoInitializeEx
CoUninitialize
OleInitialize
RegisterDragDrop
shell32
SHAppBarMessage
DragQueryFileW
DragFinish
psapi
GetModuleFileNameExW
gdi32
GetDeviceCaps
CreateRectRgn
DeleteObject
dwmapi
DwmEnableBlurBehindWindow
ws2_32
WSAStartup
getsockname
getpeername
WSASocketW
bind
connect
ioctlsocket
getsockopt
shutdown
recv
WSASend
setsockopt
WSAIoctl
WSAGetLastError
getaddrinfo
closesocket
freeaddrinfo
WSACleanup
send
advapi32
RegQueryValueExW
RegOpenKeyExW
RegGetValueW
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister
SystemFunction036
RegCloseKey
secur32
AcceptSecurityContext
AcquireCredentialsHandleA
FreeContextBuffer
DecryptMessage
EncryptMessage
InitializeSecurityContextW
DeleteSecurityContext
QueryContextAttributesW
FreeCredentialsHandle
ApplyControlToken
crypt32
CertFreeCertificateChain
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertOpenStore
CertDuplicateCertificateChain
CertCloseStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertDuplicateStore
CertGetCertificateChain
CertVerifyCertificateChainPolicy
oleaut32
GetErrorInfo
SetErrorInfo
SysStringLen
SysFreeString
bcrypt
BCryptGenRandom
Sections
.text   Size: 3.7MB, Virtual size: 3.7MB, Characteristics: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 1.8MB, Virtual size: 1.8MB, Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 15KB, Virtual size: 21KB, Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata  Size: 192KB, Virtual size: 191KB, Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA  Size: 512B, Virtual size: 348B, Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  Size: 30KB, Virtual size: 30KB, Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ