Static task
static1
Behavioral task
behavioral1
Sample
1234.exe
Resource
win10-20231020-en
General
-
Target
1234.exe
-
Size
5.9MB
-
MD5
760c74dd9ce5758a5d9b0a7a34c59d87
-
SHA1
caf31b0c9e9385e8150b1197c5fbd975e5c9cb8c
-
SHA256
fa07572a8e43fd6ba46aaab9bd7aaa76675ec74554ab0d021911f6504bc59073
-
SHA512
a39b1569d6d9caf069607c4a9ec0b9c481e9802866fafd6ec48b2222c885ceb22522db4be8390089edde466d9f938ffff3e450729a18248456b39bc15376bd91
-
SSDEEP
98304:IfQwJ1Z95RwKjafidLd6fCBq55912kRvUA+p7i8wJl9qcePx7ZbvWd7peP1qyRvC:Ze95RVQiWwy8kmzmrrePTiWJZ9oTO99s
Malware Config
Signatures
Files
-
1234.exe.exe windows:6 windows x86
c8f2ecf5d3f133816a57e3ba10f0c6e3
Code Sign
63:24:4d:30:d2:a1:4a:b4:4a:ad:bd:9a:36:e4:da:5a Certificate
Issuer: CN=HDD Toshiba SATA-III 10Tb HDWG460EZSTA N300 (7200rpm) 4096Mb 2.5 Rtl
Not Before: 10-12-2022 12:00
Not After: 11-12-2032 12:00
Subject: CN=HDD Toshiba SATA-III 10Tb HDWG460EZSTA N300 (7200rpm) 4096Mb 2.5 Rtl
39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4 Certificate
Issuer: CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
Not Before: 03-05-2023 00:00
Not After: 02-08-2034 23:59
Subject: CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9 Certificate
Issuer: CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
Not Before: 02-05-2019 00:00
Not After: 18-01-2038 23:59
Subject: CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
62:be:65:f9:ce:de:41:9d:74:f6:83:79:2a:95:87:20:1f:3a:66:7d:86:a5:22:91:01:63:d9:ff:cd:73:28:8d Signer
Actual PE Digest: 62:be:65:f9:ce:de:41:9d:74:f6:83:79:2a:95:87:20:1f:3a:66:7d:86:a5:22:91:01:63:d9:ff:cd:73:28:8d
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
OutputDebugStringA
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress
advapi32
RegOpenKeyExA
ole32
CoInitialize
user32
CharUpperBuffW
Sections
.text Size: - Virtual size: 72KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp|<|> Size: - Virtual size: 3.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp|<|> Size: 1024B - Virtual size: 948B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp|<|> Size: 5.8MB - Virtual size: 5.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 135KB - Virtual size: 584KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ