Static task: static1
Behavioral task: behavioral1
Sample: 459e0fee3bf11503aa7d1595134a0d45.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 459e0fee3bf11503aa7d1595134a0d45.exe
Resource: win10v2004-20231215-en
General
Target: 459e0fee3bf11503aa7d1595134a0d45
Size: 303KB
MD5: 459e0fee3bf11503aa7d1595134a0d45
SHA1: 81d77b9461b97841bb034c5d8ad9b5759f48789b
SHA256: cb8687c4c9240a127079cd0936a0b17a35890f30b08be9461c93cc1fc4971ab0
SHA512: 2636f10944480d331e25e11b7ef4107e0593bbacf6252b91ae95656fafbce734d299b304d16cca901f86a3b22c8cf472332d09c5c838d447cfd1ac95b0931695
SSDEEP: 6144:NX/CnRHZWjLwqibr6vL6nTLvpqimellMAV5qHQJ3fK2fMXC6894iVFtY:NX/2R5YMnbmvGTNFllMC5XBfr79k
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 459e0fee3bf11503aa7d1595134a0d45
Files
459e0fee3bf11503aa7d1595134a0d45.exe windows:4 windows x86 arch:x86
b93aaa4ea0fe380d658e914a24b6f84b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetLocaleInfoA
GetACP
SetEnvironmentVariableA
EnumSystemLocalesA
RtlUnwind
HeapSize
EnterCriticalSection
GetCurrentProcess
GetTimeFormatA
VirtualAlloc
SetUnhandledExceptionFilter
MultiByteToWideChar
HeapReAlloc
GetStartupInfoW
WriteFileEx
GetStartupInfoA
GetEnvironmentStringsW
SetLastError
GetModuleFileNameA
GetLastError
HeapDestroy
ExitProcess
GetModuleFileNameW
HeapCreate
InterlockedIncrement
LoadLibraryA
GetTickCount
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetDateFormatA
IsValidLocale
QueryPerformanceCounter
TerminateThread
TlsGetValue
CompareStringA
TlsFree
WideCharToMultiByte
GetCurrentThread
HeapAlloc
GetStringTypeA
HeapFree
EnumTimeFormatsW
Sleep
GetCurrentProcessId
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetUserDefaultLCID
UnhandledExceptionFilter
IsValidCodePage
GetCommandLineW
GetModuleHandleW
InterlockedDecrement
GetFileType
LeaveCriticalSection
TlsSetValue
GetSystemTime
FreeEnvironmentStringsW
GetModuleHandleA
GetWindowsDirectoryW
GetLocaleInfoW
CompareStringW
LocalFree
TlsAlloc
ExpandEnvironmentStringsW
ReadConsoleA
GetCPInfo
IsDebuggerPresent
GetProcAddress
GetOEMCP
GetStdHandle
FreeLibrary
SetConsoleCtrlHandler
InterlockedExchange
LCMapStringA
TerminateProcess
GetStringTypeW
VirtualQuery
WriteFile
VirtualFree
FoldStringA
SetHandleCount
GetCurrentThreadId
LCMapStringW
advapi32
RegSetValueW
RegSaveKeyA
RegQueryInfoKeyA
LookupSecurityDescriptorPartsA
CryptSetProviderA
LookupPrivilegeValueA
RegSetValueExW
RegSetKeySecurity
CryptSetProviderW
CryptGetKeyParam
CryptCreateHash
CryptEncrypt
GetUserNameW
CryptHashData
RegDeleteKeyA
CryptSetHashParam
InitializeSecurityDescriptor
RegRestoreKeyA
wininet
FtpCommandW
FtpPutFileW
InternetCombineUrlA
FtpRenameFileA
FindFirstUrlCacheContainerA
InternetGoOnlineA
FindCloseUrlCache
GopherGetLocatorTypeW
InternetFindNextFileW
FtpRemoveDirectoryA
InternetGoOnline
IsUrlCacheEntryExpiredA
InternetDial
Sections
.text Size: 159KB - Virtual size: 158KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 141KB - Virtual size: 141KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ