Static task: static1
Behavioral task: behavioral1
Sample: 18623e1d1ef4c62785d04ef6bc6bbc64.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 18623e1d1ef4c62785d04ef6bc6bbc64.exe
Resource: win10v2004-20231215-en
General
Target: 18623e1d1ef4c62785d04ef6bc6bbc64
Size: 92KB
MD5: 18623e1d1ef4c62785d04ef6bc6bbc64
SHA1: 7c9c93a70e9cb737c9311401ed3c9f0774737b5e
SHA256: dcb192a73886ba3ea058e9eed466501c91b99202aca846840b41f64d2733d065
SHA512: 7c0e976d137c8e2a55d4a0a0e08a2c7dfc61e9922151e62ccb4e5885651dcfbb9e274aa88d1db59fa251fa8e112af52ac101f59373795f9f1310b4ff9c1ccf93
SSDEEP: 1536:/D+KbGZgLWhdQ0pjhcptJP4TLC4yuTjllEgxJZdlDy:/LiZndQ0/bTlyuXDlDy
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 18623e1d1ef4c62785d04ef6bc6bbc64
Files
18623e1d1ef4c62785d04ef6bc6bbc64.exe windows:4 windows x86 arch:x86
b0eae5a430444c78dc89887a212365a3
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
InitializeCriticalSection
DeleteCriticalSection
GetLastError
CloseHandle
WaitForSingleObject
Sleep
CreateThread
CreateEventA
lstrcpyA
lstrlenA
GetModuleFileNameA
lstrcatA
GetCurrentThreadId
SetEvent
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
DeleteFileA
CopyFileA
OutputDebugStringA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetPrivateProfileSectionA
GetFileSize
CreateFileA
RaiseException
lstrcmpiA
LocalAlloc
FormatMessageA
lstrcpynA
IsDBCSLeadByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
EnterCriticalSection
LeaveCriticalSection
CreateProcessA
HeapSize
SetUnhandledExceptionFilter
LocalFree
FlushFileBuffers
SetStdHandle
SetFilePointer
IsBadCodePtr
IsBadReadPtr
LoadLibraryA
LCMapStringW
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetPrivateProfileSectionNamesA
InterlockedExchange
LCMapStringA
GetFileType
GetSystemTimeAsFileTime
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCurrentProcess
TerminateProcess
GetProcAddress
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
GetCPInfo
GetOEMCP
GetStartupInfoA
HeapReAlloc
WriteFile
GetStringTypeW
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitProcess
RtlUnwind
GetStringTypeA
user32
CharNextA
CharUpperA
DispatchMessageA
TranslateMessage
GetMessageA
PostThreadMessageA
wsprintfA
MessageBoxA
PostQuitMessage
advapi32
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegCloseKey
RegDeleteKeyA
RegEnumKeyExA
ole32
CoRevokeClassObject
CoRegisterClassObject
CoUninitialize
StringFromGUID2
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoInitialize
oleaut32
SysStringLen
LoadRegTypeLi
VariantChangeType
VarUI4FromStr
VariantClear
VariantInit
SysStringByteLen
SysAllocStringByteLen
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
GetErrorInfo
shlwapi
PathFindExtensionA
Sections
.text Size: 64KB - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ