Static task
static1
Behavioral task
behavioral1
Sample
130c4926c69a1984a4f5607fad7c91b1.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
130c4926c69a1984a4f5607fad7c91b1.exe
Resource
win10v2004-20231215-en
General
-
Target
130c4926c69a1984a4f5607fad7c91b1
-
Size
490KB
-
MD5
130c4926c69a1984a4f5607fad7c91b1
-
SHA1
ea839e020134bf4bf1fe179e1853dabe4a884c0d
-
SHA256
f879a29f6d2057ca1499c6204fbdd5d0c37c45fd1d728b19e599ac75743a73cd
-
SHA512
85cc38d9d52baeb08fc61fe29f060e2836f5a8f5e1d2d01816f7c3b7a37f615204f3ed701771f0e76b246c1c2766fd1c6d0700167df30bc635ca6c1ee6f0e0ec
-
SSDEEP
12288:TmNvgIyjx99QTR4WTLL+yGz8ts+JA9frtB:TmNS9aTRjTLLl2KA9frz
Malware Config
Signatures
-
Unsigned PE (1 IoC)
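Checks for a missing Authenticode signature. An unsigned binary is a weak indicator by itself, since many legitimate programs ship unsigned, so it needs corroboration from other findings.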
resource 130c4926c69a1984a4f5607fad7c91b1
Files
-
130c4926c69a1984a4f5607fad7c91b1.exe windows:4 windows x86 arch:x86
07e40e9dff7c43da6ca0dafd4f4308dd
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
memset
memcpy
malloc
free
fopen
fread
fwrite
ftell
fseek
fclose
ferror
time
srand
rand
strncpy
_strnicmp
strncmp
_strdup
strlen
longjmp
_setjmp3
strcpy
sprintf
strcmp
fabs
ceil
floor
localtime
mktime
gmtime
abort
_snprintf
__p__iob
fprintf
_CIpow
strtod
kernel32
GetModuleHandleA
HeapCreate
GetModuleFileNameA
HeapDestroy
ExitProcess
Sleep
HeapAlloc
HeapFree
SetFileAttributesA
CreateFileA
SetFileTime
CloseHandle
SystemTimeToFileTime
LocalFileTimeToFileTime
EnterCriticalSection
WaitForSingleObject
LeaveCriticalSection
InitializeCriticalSection
CreateThread
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentThreadId
GetCurrentProcessId
WideCharToMultiByte
MultiByteToWideChar
GetTickCount
GetVersionExA
SetLastError
GlobalAlloc
GlobalFree
TlsAlloc
MulDiv
GetTempPathA
DeleteFileA
GetLocalTime
WriteFile
ReadFile
SetFilePointer
HeapReAlloc
DeleteCriticalSection
InterlockedCompareExchange
InterlockedExchange
user32
SetTimer
KillTimer
OemToCharA
CharUpperA
MessageBoxA
SendMessageA
GetWindowThreadProcessId
IsWindowVisible
IsWindowEnabled
GetForegroundWindow
GetWindowLongA
SetWindowPos
EnableWindow
EnumWindows
DestroyWindow
SetWindowTextA
InvalidateRect
UpdateWindow
GetClientRect
GetIconInfo
DrawStateA
GetFocus
GetSysColorBrush
FrameRect
DrawFocusRect
ValidateRect
CallWindowProcA
GetDC
GetWindowRect
ReleaseDC
CreateWindowExA
SetWindowLongA
GetParent
MapWindowPoints
GetSysColor
ScreenToClient
RedrawWindow
ReleaseCapture
BeginPaint
EndPaint
SetCapture
GetSystemMetrics
RemovePropA
DefWindowProcA
SetPropA
GetPropA
MoveWindow
GetWindow
SetActiveWindow
UnregisterClassA
DestroyAcceleratorTable
LoadIconA
LoadCursorA
PeekMessageA
MsgWaitForMultipleObjects
GetMessageA
GetActiveWindow
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
RegisterClassA
AdjustWindowRectEx
ShowWindow
CreateAcceleratorTableA
SetCursorPos
LoadImageA
SetCursor
SystemParametersInfoA
GetKeyState
PostMessageA
GetCursorPos
SetFocus
IsChild
GetClassNameA
EnumChildWindows
FillRect
DefFrameProcA
DestroyIcon
CreateIconFromResourceEx
CreateIconFromResource
gdi32
GetStockObject
CreateRectRgn
SelectClipRgn
GetObjectA
GetObjectType
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteDC
SetBkColor
SetTextColor
CreateSolidBrush
GetDIBits
CreateDIBSection
CreateBitmap
SetPixel
SetDIBits
CreateDCA
GetDeviceCaps
CreateFontA
comctl32
InitCommonControlsEx
oleaut32
SysAllocString
imagehlp
MakeSureDirectoryPathExists
ole32
CoTaskMemFree
CoInitialize
RevokeDragDrop
wsock32
closesocket
WSACleanup
WSAStartup
socket
inet_addr
gethostbyname
htons
connect
ioctlsocket
recvfrom
recv
send
sendto
WSAGetLastError
shell32
ShellExecuteA
winmm
timeBeginPeriod
timeEndPeriod
shlwapi
SHStrDupA
Sections
.code Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.text Size: 145KB - Virtual size: 144KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 81KB - Virtual size: 82KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 101KB - Virtual size: 100KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ