Static task
- static1
Behavioral task
- behavioral1
  Sample: 331d0895ef14829ce17175d5dc1d85c3.exe
  Resource: win7-20231215-en
Behavioral task
- behavioral2
  Sample: 331d0895ef14829ce17175d5dc1d85c3.exe
  Resource: win10v2004-20231222-en
General
- Target: 331d0895ef14829ce17175d5dc1d85c3
- Size: 847KB
- MD5: 331d0895ef14829ce17175d5dc1d85c3
- SHA1: 93662e431c63220ad2095c0917704dcbf6d566c5
- SHA256: 16cb3992dbc6fdcfc7d8f5127f797060361eee7785289e1b786f7ebaaddc7b30
- SHA512: 8b255a3176fcc1df1b195462005833ecf87dde697818e670c758c48c0fbc3f166065955538b90e2c853790458aaaae355c9604f56c580cf8716a9747e573a4da
- SSDEEP: 24576:+7cs0pOJYWJpvAa8I+AYHhFcdoLOIKQ2M:Qcs0cJ5+A8V
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for a missing Authenticode signature.
  resource 331d0895ef14829ce17175d5dc1d85c3
Files
- 331d0895ef14829ce17175d5dc1d85c3.exe  windows:5 windows x86 arch:x86
  bb76dd4f669cd2dfa1f60764775f4244
Headers
- DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT
- File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
- oleaut32
  VarCat
  VarR8FromDec
  VarDecAdd
  VariantClear
  LPSAFEARRAY_UserUnmarshal
  VarDateFromDec
  VarI8FromUI8
  VarR4FromDisp
  VarCyFromUI1
  VarDateFromI1
  VarUI8FromCy
  OleLoadPicture
  VarR8FromI8
  VarR4CmpR8
  RegisterTypeLib
  SafeArrayAllocDescriptor
  VarUI4FromDec
  VarBstrFromR4
  VarR4FromUI1
  VarUI4FromUI2
  VarR4FromUI2
  ClearCustData
  VarI1FromR4
  VarCyInt
- scecli
  SceCloseProfile
  DeltaNotify
  SceDcPromoCreateGPOsInSysvolEx
  SceGetServerProductType
  SceSvcFree
  SceCopyBaseProfile
  SceAddToNameStatusList
  SceSetupSystemByInfName
  SceOpenProfile
  SceCompareNameList
  SceAddToNameList
  SceConfigureConvertedFileSecurity
  SceSetupUpdateSecurityFile
  SceSvcConvertSDToText
  SceProcessSecurityPolicyGPO
  SceBrowseDatabaseTable
  SceSetupBackupSecurity
  SceOpenPolicy
  SceGetAnalysisAreaSummary
  SceSetupUpdateSecurityKey
  SceFreeProfileMemory
  SceRollbackTransaction
  SceCreateDirectory
  SceRegisterRegValues
  SceAddToObjectList
- gdi32
  SetSystemPaletteUse
  EngDeletePalette
  CreateRectRgn
  GdiStartDocEMF
  GdiReleaseLocalDC
  GetGlyphOutlineWow
  GdiArtificialDecrementDriver
  AbortPath
  StrokeAndFillPath
  CreateRoundRectRgn
  PolyDraw
  GetBitmapDimensionEx
  GetLogColorSpaceW
  RestoreDC
  CreateRectRgnIndirect
  GetEUDCTimeStampExW
  GetCurrentPositionEx
- kernel32
  OpenProcess
  GetVolumePathNameA
  LocalCompact
  GetNumberFormatW
  FlushFileBuffers
  FreeEnvironmentStringsA
  GetTapePosition
  WriteConsoleInputVDMW
  GetTickCount
  GetLogicalDrives
  SetNamedPipeHandleState
  GetFileSize
  SetConsolePalette
  EnumCalendarInfoExA
  lstrcpyn
  LoadLibraryA
  GetConsoleKeyboardLayoutNameW
  VirtualAlloc
  FindResourceExA
  IsValidCodePage
  WriteTapemark
  GetProcessVersion
- wininet
  InternetGoOnlineA
  SetUrlCacheConfigInfoA
  InternetGoOnlineW
  HttpAddRequestHeadersW
  FtpCommandW
  InternetAutodialCallback
  InternetTimeToSystemTimeA
  InternetTimeFromSystemTimeW
  InternetSetFilePointer
  InternetAlgIdToStringA
  InternetDialW
  SetUrlCacheEntryInfoA
  InternetGetConnectedStateExA
  GetUrlCacheConfigInfoA
  InternetSetCookieExW
  FindFirstUrlCacheGroup
  FtpRemoveDirectoryW
- user32
  GetWindowRgn
  SetParent
  MapWindowPoints
  OffsetRect
  RealGetWindowClassW
  DefDlgProcW
  EnumDesktopsA
  SetDlgItemTextW
  ClientThreadSetup
  GetWindowTextLengthW
  RegisterClassA
  SetKeyboardState
  SetWindowContextHelpId
  IMPSetIMEW
  DialogBoxParamA
  IMPQueryIMEA
  SetMenu
  CallWindowProcA
  DrawMenuBar
  GetForegroundWindow
  ExcludeUpdateRgn
  DeviceEventWorker
  CreateDesktopW
  GetSysColorBrush
  EnumWindows
Sections
- .text   Size: 723KB, Virtual size: 722KB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
- .rdata  Size: 116KB, Virtual size: 115KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
- .data   Size: 5KB, Virtual size: 1.5MB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
- .rsrc   Size: 1KB, Virtual size: 1KB       IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
- .reloc  Size: 1024B, Virtual size: 1000B   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
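The three static panels above (the Unsigned PE signature, the DLL Characteristics, and the section sizes) are all read straight out of the PE headers. The example below, added here and not the sandbox's own code, reproduces those checks with the Python standard library only: it parses the optional header and section table, reports whether the Authenticode security directory is empty (the "Unsigned PE" condition), whether DYNAMIC_BASE and NX_COMPAT are set, and which sections reserve far more virtual memory than they carry on disk. The last point is the one a practitioner would want flagged for this sample: .data is 5KB in the file but 1.5MB in memory, so roughly 1.5MB of writable space is not backed by file bytes and must be filled at runtime, a layout common to runtime unpackers and self-decrypting stubs but also to any binary with a large static buffer, so it is an indicator, not proof. Because the sample itself cannot be embedded, the block constructs a header-only PE32 stub with the five sections and sizes listed above (KB taken as 1024 bytes); the 4x virtual/raw threshold and the stub builder are assumptions for the illustration, while the structure offsets and flag values are the documented PE format constants.

```python
"""Static PE checks mirroring a sandbox report's Signatures/Headers/Sections panels.
Added example (not the sandbox's code); standard library only."""
import hashlib
import struct

# PE constants from winnt.h
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_DIRECTORY_ENTRY_SECURITY = 4          # Authenticode certificate table
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_DISCARDABLE = 0x02000000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def parse_pe(data: bytes) -> dict:
    """Extract DllCharacteristics, the security directory and the section table
    from a PE32 or PE32+ image. Raises ValueError on anything that is not a PE."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsections, _, _, _, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:      # PE32: NumberOfRvaAndSizes at +92, data directories at +96
        ndirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:    # PE32+: 64-bit stack/heap fields push both out by 16 bytes
        ndirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]   # same offset in both formats
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    sec_rva = sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        sec_rva, sec_size = struct.unpack_from("<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections, shdr = [], opt + opt_size
    for i in range(nsections):
        name, vsize, _rva, raw, _ptr, _, _, _, _, flags = struct.unpack_from("<8sIIIIIIHHI", data, shdr + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": raw, "characteristics": flags})
    return {"dll_characteristics": dll_chars, "security_dir": (sec_rva, sec_size), "sections": sections}


def static_checks(pe: dict) -> dict:
    """The checks summarised by the report's Signatures, Headers and Sections panels."""
    dc = pe["dll_characteristics"]
    inflated, wx = [], []
    for s in pe["sections"]:
        # Far more memory reserved than bytes on disk: space the code must fill at runtime
        # (unpacker staging area or just a big static buffer). 4x is an assumed threshold.
        if s["virtual_size"] > 4 * max(s["raw_size"], 1):
            inflated.append(s["name"])
        if s["characteristics"] & IMAGE_SCN_MEM_WRITE and s["characteristics"] & IMAGE_SCN_MEM_EXECUTE:
            wx.append(s["name"])
    return {
        "aslr": bool(dc & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "nx": bool(dc & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        # Authenticode data lives in the security directory; an empty entry means unsigned
        "unsigned": pe["security_dir"][1] == 0,
        "inflated_sections": inflated,
        "wx_sections": wx,
    }


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of the file, as listed in the General panel."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


# Constructed stand-in for the sample: the five sections and sizes from the report
# (name, virtual size, raw size, characteristics). Header only, so it never executes.
REPORT_SECTIONS = [
    (".text", 722 * 1024, 723 * 1024, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (".rdata", 115 * 1024, 116 * 1024, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
    (".data", 1536 * 1024, 5 * 1024, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    (".rsrc", 1024, 1024, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
    (".reloc", 1000, 1024, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ),
]


def build_stub_pe(sections, dll_characteristics: int, signed: bool = False) -> bytes:
    """Assumed helper: build a minimal PE32 header (DOS stub, COFF, optional header, section table)."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)          # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x0102)  # i386, EXECUTABLE|32BIT
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                                # PE32 magic
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, 0x200)           # ImageBase, SectionAlign, FileAlign
    struct.pack_into("<HH", opt, 68, 2, dll_characteristics)             # Subsystem GUI, DllCharacteristics
    struct.pack_into("<I", opt, 92, 16)                                  # NumberOfRvaAndSizes
    if signed:  # pretend a certificate table is present
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x1000, 0x200)
    rva, hdrs = 0x1000, b""
    for name, vsize, raw, flags in sections:
        hdrs += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize, rva, raw, 0, 0, 0, 0, 0, flags)
        rva += (vsize + 0xFFF) & ~0xFFF
    return dos + b"PE\0\0" + coff + bytes(opt) + hdrs


def run_demo() -> dict:
    """Run the checks against the constructed stub with the report's DLL characteristics."""
    image = build_stub_pe(REPORT_SECTIONS, IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_NX_COMPAT)
    findings = static_checks(parse_pe(image))
    findings["hashes"] = file_hashes(image)
    return findings


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

To run the same checks on a real file, replace the stub with `parse_pe(open(path, "rb").read())`; the hashes of the real file should then match the General panel, and the sample as described above should come back with `unsigned` true, `aslr` and `nx` true, and `.data` as the only inflated section.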