Static task: static1
Behavioral task: behavioral1
  Sample: 041dc99be1e9c329fb13cd89dc804958.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 041dc99be1e9c329fb13cd89dc804958.exe
  Resource: win10v2004-20231215-en
General
Target: 041dc99be1e9c329fb13cd89dc804958
Size: 268KB
MD5: 041dc99be1e9c329fb13cd89dc804958
SHA1: 55b780c0d5b1cc2982156153fd83667fa2b6e215
SHA256: eafb05c5214e956cab59911cd74fc7ad0fe08dd711cb12d69c101fe822c6ab4e
SHA512: 44d2924d1cfe4fab2f12efc72a0045c9fa4b00660541172883d0a70c86da58a0d880a4ae2bb2c9dfc1de15f7e199357776cd5fe1415ac1b4b68b0f18fa80f8e1
SSDEEP: 6144:f+8jk0OUGQSaY+IrlT8IiMfT/WEJaP6hvpvkiof70jjtTBM81:sUGQSaY+IrloI7KE7vFkpyjtT9
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource 041dc99be1e9c329fb13cd89dc804958
Files
- 041dc99be1e9c329fb13cd89dc804958.exe  windows:4 windows x86 arch:x86
  a120ee7b05d55aaabd938fac57f3ac8c
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
WSAIoctl
closesocket
gethostname
socket
WSAStartup
WSACleanup
bind
htons
WSASetEvent
sendto
ntohs
WSAGetLastError
recvfrom
getsockname
shutdown
connect
send
gethostbyname
recv
kernel32
CallNamedPipeA
CloseHandle
OpenEventA
SetEvent
DeleteFileA
ReadFile
CreateFileA
GetTempPathA
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
GetWindowsDirectoryA
FindClose
FindFirstFileA
CreateEventA
TerminateThread
WaitCommEvent
GetModuleFileNameA
CreateThread
WriteFile
ResetEvent
WaitForMultipleObjects
SetFilePointer
GetShortPathNameA
OpenProcess
CreateDirectoryA
GetFileSize
GetTickCount
SetFileAttributesA
GetFileAttributesA
RemoveDirectoryA
LocalHandle
OpenSemaphoreA
Beep
SetNamedPipeHandleState
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
Sleep
WaitForSingleObject
GetExitCodeThread
GetStartupInfoA
GetModuleHandleA
GlobalAlloc
GlobalFree
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
HeapLock
HeapUnlock
HeapFree
HeapAlloc
HeapDestroy
HeapCreate
GetExitCodeProcess
CreatePipe
GetCurrentProcess
DuplicateHandle
CreateProcessA
GetDriveTypeA
GetVolumeInformationA
GetLongPathNameA
GetCurrentProcessId
FindNextFileA
HeapWalk
user32
FindWindowA
GetDesktopWindow
GetWindow
GetWindowThreadProcessId
GetWindowLongA
GetWindowTextA
GetMessageA
PostThreadMessageA
GetSystemMetrics
DestroyWindow
SendMessageA
IsWindow
BringWindowToTop
PostMessageA
gdi32
GetDIBits
CreateDCA
BitBlt
SaveDC
PolylineTo
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectA
shell32
ShellExecuteA
ExtractIconExA
ExtractAssociatedIconA
SHFileOperationA
gdiplus
GdipSaveImageToFile
GdipLoadImageFromFile
GdipFree
GdipAlloc
GdipDisposeImage
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusShutdown
GdiplusStartup
GdipCloneImage
mfc42
ord1601
ord800
ord323
ord1640
ord1641
ord5785
ord354
ord5186
ord1979
ord665
ord640
ord2414
ord3626
ord3663
ord3571
ord537
msvcrt
rand
isdigit
_purecall
malloc
pow
free
wcscmp
_strupr
_strset
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
__dllonexit
_onexit
_controlfp
srand
memcmp
strchr
memcpy
strlen
strrchr
_CxxThrowException
memset
strcpy
strstr
strcmp
__CxxFrameHandler
sprintf
isspace
_ftol
Sections
.text   Size: 220KB - Virtual size: 217KB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 28KB - Virtual size: 25KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 4KB - Virtual size: 1KB       IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 12KB - Virtual size: 9KB      IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ