Static task
static1
Behavioral task
behavioral1
Sample
4e0ba5365dc6105ecd0a98ad18244ca5.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
4e0ba5365dc6105ecd0a98ad18244ca5.exe
Resource
win10v2004-20231215-en
General
Target: 4e0ba5365dc6105ecd0a98ad18244ca5
Size: 114KB
MD5: 4e0ba5365dc6105ecd0a98ad18244ca5
SHA1: 4114c94b2e134390596dae8efe350bd72fc32c36
SHA256: 3bc934d6097c4562588c37391ab3786d3f9df44a0afa010a888e3784cab6f7be
SHA512: 9d30cc6679e7433d1713e46266a2939ebe1ed410675b244bda3e1b1878b365354900f4b36b76f2ef7b4d7875e188f4af53e61327df9cd218c496aa3d5be4805f
SSDEEP: 3072:lUzJv+CxeOPpFeXoRUPmSFJFROitd1Wvmtf:lUzECxeORFeqelJFROYd17t
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4e0ba5365dc6105ecd0a98ad18244ca5
Files
4e0ba5365dc6105ecd0a98ad18244ca5.exe windows:5 windows x86 arch:x86
45575082f99858de056c522c9d01820c
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
free
_exit
strcpy
printf
abort
__p__fmode
sprintf
__p__commode
strcmp
__setusermatherr
_except_handler3
_adjust_fdiv
fseek
fclose
_initterm
fopen
_XcptFilter
_acmdln
memmove
exit
_onexit
remove
__getmainargs
strncpy
calloc
strlen
fwrite
fread
malloc
__set_app_type
kernel32
lstrcmpA
LoadLibraryA
GetSystemDirectoryA
GetModuleHandleA
InterlockedCompareExchange
SetFileAttributesA
GetProcAddress
GetStartupInfoW
GetCommandLineW
SetCurrentDirectoryA
VirtualProtect
GetModuleHandleW
GetTimeZoneInformation
ExitProcess
FreeEnvironmentStringsW
gdi32
StartPage
GetTextColor
AbortDoc
GetCharacterPlacementA
CreateICW
GetStretchBltMode
CreateEllipticRgn
StretchBlt
CreateCompatibleBitmap
GetTextExtentPointA
SetBrushOrgEx
SetWinMetaFileBits
LPtoDP
GetTextFaceA
GdiFlush
SetTextAlign
GetMetaFileBitsEx
Chord
EnumFontsA
ole32
IIDFromString
CoUninitialize
CoGetClassObject
CoTaskMemFree
CoReleaseMarshalData
OleDraw
CreateILockBytesOnHGlobal
CreateItemMoniker
CoCreateInstance
advapi32
QueryServiceStatus
RegQueryValueExA
InitiateSystemShutdownA
CryptDestroyHash
RegCreateKeyA
CloseServiceHandle
OpenProcessToken
RegQueryValueA
RegEnumValueW
oleaut32
SafeArrayUnaccessData
SafeArrayPtrOfIndex
GetActiveObject
GetErrorInfo
SafeArrayPutElement
SetErrorInfo
VariantCopy
SysAllocStringByteLen
SysFreeString
SysAllocStringLen
SafeArrayGetElement
LoadTypeLib
comctl32
ImageList_Create
ImageList_SetOverlayImage
ImageList_Add
ImageList_Destroy
ImageList_SetImageCount
InitCommonControls
PropertySheetA
ImageList_DragLeave
ImageList_Remove
ImageList_Draw
ImageList_GetIconSize
ImageList_SetDragCursorImage
user32
MessageBoxA
GetParent
GetMenuItemID
MapWindowPoints
GetScrollInfo
GetDC
OemToCharA
DispatchMessageA
DestroyCursor
GetSubMenu
shell32
SHFileOperationA
SHCreateDirectoryExA
SHAppBarMessage
ExtractIconExA
SHCreateDirectoryExW
SHBrowseForFolderA
Sections
.text Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 44KB - Virtual size: 62KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 63KB - Virtual size: 62KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ