Static task
static1
Behavioral task
behavioral1
Sample
056b8b70a0e86fbc72383341debee409.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
056b8b70a0e86fbc72383341debee409.exe
Resource
win10v2004-20231222-en
General
Target
056b8b70a0e86fbc72383341debee409
Size
422KB
MD5
056b8b70a0e86fbc72383341debee409
SHA1
dce75f5125bedb3784e427055db6d2d526a173e7
SHA256
f017220105d46efcce951c153309e3a75d895c27b5507ca9d540b69e412399ad
SHA512
2624d8ddfc0abb7f36ccabda1d8a313e3d73031b52cd598ac6c8d9f1eefefcab18db9cdc11205c4d2daba0e634795fd63b24f94388f3b6506a895e08f48415fc
SSDEEP
12288:9hJ/hcqoxdkthN2kRD9W7W8M7KAprPoaER:PfcqekN2k5A68y5rnER
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 056b8b70a0e86fbc72383341debee409
Files
056b8b70a0e86fbc72383341debee409.exe windows:4 windows x86 arch:x86
8c500a638a920796c4948f79da8942e4
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
WritePrivateProfileSectionA
CreateDirectoryW
LocalLock
lstrcatW
CreateDirectoryA
WriteProcessMemory
GetUserDefaultLangID
GetTimeZoneInformation
WaitNamedPipeA
QueryDosDeviceA
GetLogicalDriveStringsA
CompareStringW
FreeEnvironmentStringsA
lstrcmpiA
GetTapeStatus
SwitchToFiber
IsValidLocale
CreateWaitableTimerA
SizeofResource
GetSystemDefaultLangID
CreateMutexA
SetThreadAffinityMask
GetFileInformationByHandle
GetProfileIntA
GetDiskFreeSpaceW
SetEvent
GlobalGetAtomNameW
GetModuleFileNameW
SetProcessAffinityMask
ExitProcess
user32
CreateMenu
EnumClipboardFormats
SetWindowTextW
HiliteMenuItem
LoadCursorW
SetDlgItemTextA
VkKeyScanA
DialogBoxIndirectParamA
TabbedTextOutA
ExitWindowsEx
gdi32
GetTextExtentPoint32A
MoveToEx
GetEnhMetaFileDescriptionA
StartPage
CreateDIBPatternBrush
WidenPath
RealizePalette
PtVisible
comdlg32
ChooseFontA
PrintDlgA
advapi32
LookupAccountSidW
IsValidAcl
GetSidSubAuthority
GetAclInformation
SetKernelObjectSecurity
RegDeleteKeyA
CryptAcquireContextW
RegQueryValueExA
RevertToSelf
CryptDestroyHash
LookupPrivilegeDisplayNameA
LookupAccountSidA
shell32
SHGetSpecialFolderPathW
ole32
OleGetIconOfClass
CoGetObject
CLSIDFromString
IIDFromString
oleaut32
SafeArrayGetLBound
SafeArrayGetElement
VariantChangeType
SafeArrayCreate
SafeArrayRedim
LoadTypeLi
SafeArrayUnaccessData
VariantCopy
SysFreeString
LoadTypeLibEx
comctl32
PropertySheetA
CreatePropertySheetPageW
ImageList_Create
ImageList_LoadImageA
shlwapi
StrRetToBufW
StrCpyNW
PathIsRootW
PathRemoveBackslashW
StrDupW
StrCmpW
msvcrt
_read
strcspn
_wsetlocale
ferror
difftime
_ismbblead
isprint
wcscpy
strftime
isxdigit
_wchmod
wcscmp
fgetws
isspace
_dup2
strchr
_chdir
_wcsicmp
_fsopen
getenv
gmtime
qsort
_getmbcp
_wcsdup
fputc
_umask
_mbsrchr
_putenv
ungetc
_filelength
_wsystem
atol
strncat
fgetwc
swscanf
wscanf
bsearch
fopen
isalnum
Sections
.text Size: 4KB - Virtual size: 227KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 113KB - Virtual size: 113KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 10KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE