Static task: static1
Behavioral task: behavioral1
Sample: 1fedc6a7ba680fa6f6a6165f7882d0d8.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 1fedc6a7ba680fa6f6a6165f7882d0d8.exe
Resource: win10v2004-20231215-en
General
Target: 1fedc6a7ba680fa6f6a6165f7882d0d8
Size: 9KB
MD5: 1fedc6a7ba680fa6f6a6165f7882d0d8
SHA1: 3f6d5d19d56c4b7e30860a35bce9be313f32d6f2
SHA256: dc604a3e6e2007d5280537bfd196c1d8ee37c5285be37eeb2121c670981c58d1
SHA512: 877844c742773f08793c2fa43596cb6bf94fba5dfbfa5d15db333257e52326d17bebf8410b0a5fcbd285b2d8ad0f718376299702af7abbca4309f398c0ad612a
SSDEEP: 96:UFeN03LtkvKvH9qkqOxBT8AjQ//GHFnLABkOqkqRpRGxAOyYTuAf:/mOi4kvxBT8AjQnGlgkhkG0xOYTLf
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1fedc6a7ba680fa6f6a6165f7882d0d8
Files
1fedc6a7ba680fa6f6a6165f7882d0d8.exe windows:5 windows x86 arch:x86
9b9146f54e33c06fb6d2e6dc44e64697
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
MessageBoxA
LoadStringA
wsprintfA
CharNextA
kernel32
EnterCriticalSection
ExitProcess
InterlockedDecrement
lstrlenW
lstrcpynA
LeaveCriticalSection
InterlockedExchange
GetLocaleInfoA
lstrcmpiA
DeleteFileA
FreeLibrary
GetVersion
FindResourceA
LoadLibraryExA
GetModuleFileNameA
GetThreadLocale
InitializeCriticalSection
GetProcAddress
GetModuleHandleA
InterlockedIncrement
SetDllDirectoryA
GetLastError
SetHandleInformation
SizeofResource
CreateFileA
LockResource
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleA
GetThreadContext
GetStartupInfoA
ReadFile
GetCurrentThreadId
GetSystemTimeAsFileTime
VirtualQuery
GetShortPathNameA
WriteFile
IsDBCSLeadByte
RaiseException
GetCurrentProcessId
lstrlenA
LoadResource
GetVersionExA
CreatePipe
GetTickCount
CloseHandle
GetACP
MoveFileA
DeleteCriticalSection
lstrcatA
QueryPerformanceCounter
GetSystemDirectoryA
CreateProcessA
OutputDebugStringA
advapi32
RegQueryValueExA
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegOpenKeyExA
version
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
Sections
.text Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bfmy Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
.edata Size: 132KB - Virtual size: 155KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ