Static task: static1
Behavioral task: behavioral1
Sample: 0771ddc1515150cf7bb2eaed7ce17db58bf1f3f963ec60b28e29266763c92594.exe
Resource: win7-20231020-en
General
- Target: 0dbaff61a0d7eb35c23542fe980c8e30.bin
- Size: 1.6MB
- MD5: 1a556ee80fcf6d537f624ae11a9190a0
- SHA1: 2369322c271fb9f23127f6b75c363523f9fd19fd
- SHA256: 06faa5e61d3a3fc1e22b02ef6e2045e8f95e209190a98810b486f49bcf1bd1ad
- SHA512: 86ec93c911e03527599dbe31fbb6b8dc8503ee5cae3ec0e9b537aa647e0390574718426520472d173e35aca1c647e190ee4428273a2b67e14969db35acfc6ab4
- SSDEEP: 24576:XH+OK+UCMckBz9Oz8CaV3pua1FUrF/Vt4+YQfdppsF+9l5D33:4+UV5GatnMrK/QWUN
Malware Config
Signatures
- Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  Processes: resource unpack001/0771ddc1515150cf7bb2eaed7ce17db58bf1f3f963ec60b28e29266763c92594.exe
Files
- 0dbaff61a0d7eb35c23542fe980c8e30.bin.zip (Password: infected)
- 0771ddc1515150cf7bb2eaed7ce17db58bf1f3f963ec60b28e29266763c92594.exe.exe windows:6 windows x64 (Password: infected)
  67369187d395d43495f72ffdf9b69f9b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ntdll
NtCreateFile
RtlCaptureContext
RtlNtStatusToDosError
RtlLookupFunctionEntry
NtReadFile
RtlVirtualUnwind
NtWriteFile
NtDeviceIoControlFile
NtCancelIoFileEx
kernel32
GetCurrentProcessId
SetHandleInformation
TryAcquireSRWLockExclusive
GetCurrentProcess
DuplicateHandle
GetSystemInfo
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
GetConsoleWindow
SetFileCompletionNotificationModes
Sleep
GetModuleHandleA
GetProcAddress
GetFileInformationByHandle
GetConsoleMode
ReleaseSRWLockShared
AcquireSRWLockShared
TerminateProcess
OpenProcess
Process32NextW
FreeEnvironmentStringsW
ReleaseMutex
FindClose
GetLastError
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
GetCurrentThread
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
Process32FirstW
CreateToolhelp32Snapshot
FlushFileBuffers
SetFileInformationByHandle
SetFilePointerEx
GetStdHandle
WriteFileEx
SleepEx
ReadFileEx
WaitForSingleObject
QueryPerformanceCounter
QueryPerformanceFrequency
HeapAlloc
GetProcessHeap
HeapFree
AcquireSRWLockExclusive
HeapReAlloc
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
FindNextFileW
CreateFileW
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
GetFinalPathNameByHandleW
ReleaseSRWLockExclusive
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
GetFullPathNameW
CloseHandle
CreateNamedPipeW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
UnhandledExceptionFilter
MultiByteToWideChar
WriteConsoleW
WideCharToMultiByte
ReadConsoleW
CreateThread
GetSystemTimeAsFileTime
GetTempPathW
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
CompareStringOrdinal
user32
GetForegroundWindow
GetWindowLongPtrW
FindWindowA
ShowWindow
SetForegroundWindow
SetWindowLongPtrW
GetSystemMenu
RemoveMenu
advapi32
SystemFunction036
GetUserNameW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
ws2_32
getpeername
getsockname
send
WSASend
WSASocketW
setsockopt
WSAIoctl
closesocket
WSAStartup
connect
ioctlsocket
getsockopt
shutdown
WSAGetLastError
freeaddrinfo
recv
getaddrinfo
WSACleanup
bind
secur32
FreeCredentialsHandle
EncryptMessage
InitializeSecurityContextW
AcceptSecurityContext
FreeContextBuffer
DecryptMessage
ApplyControlToken
DeleteSecurityContext
QueryContextAttributesW
AcquireCredentialsHandleA
crypt32
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertOpenStore
CertCloseStore
CertDuplicateCertificateChain
CertDuplicateCertificateContext
CertFreeCertificateContext
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertDuplicateStore
CertFreeCertificateChain
bcrypt
BCryptGenRandom
vcruntime140
__C_specific_handler
__current_exception
__CxxFrameHandler3
memcmp
memcpy
_CxxThrowException
memset
memmove
__current_exception_context
api-ms-win-crt-string-l1-1-0
strlen
api-ms-win-crt-math-l1-1-0
pow
__setusermatherr
api-ms-win-crt-heap-l1-1-0
free
malloc
_set_new_mode
api-ms-win-crt-stdio-l1-1-0
__p__commode
_set_fmode
api-ms-win-crt-runtime-l1-1-0
terminate
_set_app_type
_seh_filter_exe
_register_onexit_function
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
__p___argv
exit
_exit
_crt_atexit
__p___argc
_initialize_onexit_table
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
- .text (Size: 2.5MB - Virtual size: 2.5MB): IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata (Size: 1.3MB - Virtual size: 1.3MB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data (Size: 15KB - Virtual size: 17KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .pdata (Size: 138KB - Virtual size: 137KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .reloc (Size: 21KB - Virtual size: 21KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ