Static task
static1
Behavioral task
behavioral1
Sample
283326915c70e625950bbd484bf32b43.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
283326915c70e625950bbd484bf32b43.exe
Resource
win10v2004-20231215-en
General
Target
283326915c70e625950bbd484bf32b43
Size
12KB
MD5
283326915c70e625950bbd484bf32b43
SHA1
bab9aeb65b85581f562ce0e53f10a6e284946eae
SHA256
c1b2e936a1d7d3add32bb853103367c97f1cdb8d4f9160477c62b6cc66689902
SHA512
a948c2720328ed5010705dbf02e36c3659395717749eeb7f51b1db67888e0e6da8066359b884e114f7e093f894ae6713ff85d8ad0db30e9a46a33a5d2260a30b
SSDEEP
192:1tlp0wnLoy8dBcQ5XM5lxUrhn31Xv/IF6PSvUTsxOeHl+NogC:1Pbo3dBT5c5a53LPSvhjce
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 283326915c70e625950bbd484bf32b43
Files
283326915c70e625950bbd484bf32b43.exe windows:4 windows x86 arch:x86
42665fe93309644e352b7cf65a2524e9
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapFree
GetLastError
CloseHandle
GetCurrentProcess
Sleep
CreateProcessA
lstrcatA
GetWindowsDirectoryA
WriteProcessMemory
VirtualProtectEx
VirtualQueryEx
VirtualAllocEx
VirtualFreeEx
GetModuleHandleA
CompareStringA
lstrcmpA
ReadFile
CreateFileA
GetProcessHeap
CopyFileA
lstrlenA
GetModuleFileNameA
CreateDirectoryA
FindClose
FindNextFileA
DeleteFileA
FindFirstFileA
GetEnvironmentVariableA
WriteFile
GetTickCount
GetVersion
TerminateProcess
OpenProcess
WinExec
lstrcpyA
WideCharToMultiByte
HeapAlloc
lstrcmpiA
ExitProcess
LoadLibraryA
GetProcAddress
GetCurrentDirectoryA
FreeLibrary
user32
DispatchMessageA
TranslateMessage
GetMessageA
SetTimer
UpdateWindow
CreateWindowExA
RegisterClassA
LoadCursorA
PostThreadMessageA
GetWindowThreadProcessId
FindWindowA
PostQuitMessage
DefWindowProcA
EnumWindows
SendMessageA
wsprintfA
EnumChildWindows
GetWindowTextLengthA
GetWindowTextA
GetClassNameA
RegisterWindowMessageA
SendMessageTimeoutA
advapi32
AdjustTokenPrivileges
OpenProcessToken
IsValidAcl
InitializeAcl
RegQueryValueA
LookupPrivilegeValueA
ole32
CoInitialize
CoUninitialize
ws2_32
WSACleanup
WSAStartup
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE