Static task: static1
Behavioral task: behavioral1
  Sample: 147c5aea2eb63d854a80167a9be8078d0ba90f2cccad89e226ac1c54f8508105.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: 147c5aea2eb63d854a80167a9be8078d0ba90f2cccad89e226ac1c54f8508105.exe
  Resource: win10v2004-20230915-en
General
Target: 147c5aea2eb63d854a80167a9be8078d0ba90f2cccad89e226ac1c54f8508105
Size: 1.7MB
MD5: 09359def89124ac0cab1a5e16d5c36c9
SHA1: b3051a97aa903921a667773da2948ad2787d9778
SHA256: 147c5aea2eb63d854a80167a9be8078d0ba90f2cccad89e226ac1c54f8508105
SHA512: 60c9cdcd3497430c30cbb8f6489a7b5115c1ddb31cbb5337917b7394cc467e69a8e5a266577ffae770cbbccc279943cd9989682821728e1a409a799a17c65960
SSDEEP: 12288:pEQQUyg+lCFcD1goThydrWUeB+QChZsrwbebPeVmfCUqVfZbdbHF:pEe5UOoTqy8QCYrLLeYKUML
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: 147c5aea2eb63d854a80167a9be8078d0ba90f2cccad89e226ac1c54f8508105
Files
147c5aea2eb63d854a80167a9be8078d0ba90f2cccad89e226ac1c54f8508105.exe  windows:6  windows x64
  03baf3e082d960da35a08c0acfd107a0
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
oleaut32: SysFreeString, VariantClear, SysAllocString, VariantInit
kernel32: OpenProcess, TerminateProcess, SetEnvironmentVariableW, FreeEnvironmentStringsW, GetTempPathW, GetEnvironmentStringsW, Process32NextW, WideCharToMultiByte, Process32FirstW, MultiByteToWideChar, GetModuleFileNameW, GetModuleHandleW, GetThreadId, GetCurrentThread, CreateThread, OutputDebugStringW, CreateToolhelp32Snapshot, SubmitThreadpoolWork, CreateThreadpoolWork, WTSGetActiveConsoleSessionId, Sleep, CloseThreadpoolTimer, WaitForThreadpoolTimerCallbacks, SetThreadpoolTimer, CreateThreadpoolTimer, SetStdHandle, FreeLibrary, CloseHandle, CreateEventW, GetProcAddress, LoadLibraryW, GetCurrentProcess, QueryFullProcessImageNameW, LoadLibraryExW, GetLastError, GetCPInfo, GetStringTypeW, FlushFileBuffers, GetConsoleOutputCP, GetProcessHeap, HeapAlloc, HeapFree, WaitForMultipleObjects, GetOEMCP, GetACP, HeapReAlloc, HeapSize, HeapDestroy, CreateDirectoryW, IsValidCodePage, lstrlenW, WriteFile, SetFilePointer, InitializeCriticalSectionEx, LocalAlloc, CreateFileW, RaiseException, GetLocalTime, FindNextFileW, LocalFree, FindFirstFileExW, lstrcmpiW, FindClose, SetFilePointerEx, GetFileSizeEx, GetFileType, SizeofResource, LockResource, LoadResource, FindResourceExW, FindResourceW, ReadFile, GetFullPathNameW, GetConsoleMode, DeleteCriticalSection, InitializeCriticalSection, VerSetConditionMask, WriteConsoleW, VerifyVersionInfoW, LCMapStringW, CompareStringW, GetCommandLineW, ProcessIdToSessionId, GetCommandLineA, GetStdHandle, GetModuleHandleExW, ExitProcess, InitializeSRWLock, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, EnterCriticalSection, LeaveCriticalSection, TryEnterCriticalSection, GetCurrentThreadId, QueryPerformanceCounter, GetSystemTimeAsFileTime, IsDebuggerPresent, InitializeCriticalSectionAndSpinCount, SetEvent, ResetEvent, WaitForSingleObjectEx, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, GetStartupInfoW, GetCurrentProcessId, InitializeSListHead, RtlUnwindEx, RtlPcToFileHeader, SetLastError, EncodePointer, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree
ole32: CoInitializeSecurity, CoCreateGuid, CoSetProxyBlanket, CoCreateInstance, CoInitializeEx, CoUninitialize
rpcrt4: UuidToStringW, RpcStringFreeW
user32: MsgWaitForMultipleObjects
advapi32: CryptReleaseContext, CryptAcquireContextW, CryptCreateHash, CryptHashData, CryptDestroyHash, CryptGetHashParam, QueryServiceStatus, ControlService, CreateServiceW, RegNotifyChangeKeyValue, CloseServiceHandle, DeleteService, OpenServiceW, OpenSCManagerW, RevertToSelf, ImpersonateLoggedOnUser, EventWriteString, SetServiceStatus, EventUnregister, EventRegister, RegisterServiceCtrlHandlerExW, StartServiceCtrlDispatcherW, LookupPrivilegeValueW, AdjustTokenPrivileges, RegDeleteKeyW, RegSetValueExW, RegCreateKeyExW, RegEnumKeyExW, RegCloseKey, RegOpenKeyExW, CreateProcessAsUserW, DuplicateTokenEx, OpenProcessToken
wtsapi32: WTSQueryUserToken, WTSFreeMemory, WTSQuerySessionInformationW
userenv: CreateEnvironmentBlock, UnloadUserProfile, DestroyEnvironmentBlock
setupapi: SetupDiGetDeviceInstanceIdW, SetupDiEnumDeviceInfo, SetupDiGetDeviceRegistryPropertyW, SetupDiDestroyDeviceInfoList, CM_Locate_DevNodeW, CMP_WaitNoPendingInstallEvents, SetupDiGetClassDevsW
wintrust: WinVerifyTrust
Sections
.text   Size: 125KB  Virtual size: 124KB  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 72KB   Virtual size: 72KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 4KB    Virtual size: 10KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata  Size: 7KB    Virtual size: 6KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA  Size: 512B   Virtual size: 244B   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc   Size: 1KB    Virtual size: 1KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  Size: 1.5MB  Virtual size: 2.4MB  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE