Static task
static1
Behavioral task
behavioral1
Sample
f8a1a33878b95194312ce5574e1cd6da88af7cc02058a0b8d99fa2e4492d1927.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
f8a1a33878b95194312ce5574e1cd6da88af7cc02058a0b8d99fa2e4492d1927.exe
Resource
win10v2004-20230915-en
General
-
Target
f8a1a33878b95194312ce5574e1cd6da88af7cc02058a0b8d99fa2e4492d1927
-
Size
812KB
-
MD5
4c914969658a40177e9733e7f0e313e7
-
SHA1
651bbc78a49bbe349d608e4493e435b0c751cedd
-
SHA256
f8a1a33878b95194312ce5574e1cd6da88af7cc02058a0b8d99fa2e4492d1927
-
SHA512
e5242b4c20afb3274ad3251f45dcdaaed7f79a2bffd3987cc6cbced15172f6a87aaa1a63a45007d20b3e0ffff0d0962e0d18757dbb8fa5cff9f00282cf163e06
-
SSDEEP
12288:SqmytVdB0rPEDb3kCoI641jxy7GHEX2rnAv8MktrOKxp22CMOZ/1Sq:SqxtVfNDb31oT41+aneOrO4p2zMOZ/V
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f8a1a33878b95194312ce5574e1cd6da88af7cc02058a0b8d99fa2e4492d1927
Files
-
f8a1a33878b95194312ce5574e1cd6da88af7cc02058a0b8d99fa2e4492d1927.exe windows:5 windows x86
b64cb8f2a09d465fee22eda05e27148d
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetVersionExA
GetVersion
FindFirstFileA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess
user32
TranslateMessage
advapi32
CryptGetHashParam
shlwapi
PathFindFileNameA
Exports
Sections
5rCWC Size: - Virtual size: 119KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
5rCWC7 Size: - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
5rCWC Size: - Virtual size: 91KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
5rCWC Size: - Virtual size: 671KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
5rCW Size: 4KB - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
5rCWC Size: 800KB - Virtual size: 797KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
5rCWC Size: 4KB - Virtual size: 692B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ