Static task: static1
Behavioral task: behavioral1
  Sample: 5d7e2edeb4f2985d1f1d39a660fa3965.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 5d7e2edeb4f2985d1f1d39a660fa3965.exe
  Resource: win10v2004-20231215-en
General
Target: 5d7e2edeb4f2985d1f1d39a660fa3965
Size: 20.0MB
MD5: 5d7e2edeb4f2985d1f1d39a660fa3965
SHA1: 166d533ac055bd9f3cea1fc7bfc08f655283fe3d
SHA256: 4bb64956a3b7335dcd09f9f4374080af58424f3bcbe19c858a4b8afee75770ad
SHA512: 2ea0ca3b680d7f378f40d93dc1aa4e0fa5869fdbd6d1f727c5c80064002b7a2aee2d30a86d79f1033935bd89e3d21776e80a589fc21de0788c0eb8b453aaa384
SSDEEP: 393216:EucqsXmmsavsR2lZcg+df0lqGGY4iAEeuvthFNnC9dFC3xzwDY:EupsDvIOmniANuLFN0K3xzJ
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 5d7e2edeb4f2985d1f1d39a660fa3965
Files
5d7e2edeb4f2985d1f1d39a660fa3965.exe windows:5 windows x86 arch:x86
Imphash: 5666141a4d7a084aa40684d0e6bea4ee
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
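The "Unsigned PE" signature above and the header flags listed here both come straight out of the PE optional header. The following is an added worked example, not part of this sandbox report or of the sandbox's own detection code: a pure-stdlib Python parser that decodes DllCharacteristics and file Characteristics into the IMAGE_* names used above and reports whether the IMAGE_DIRECTORY_ENTRY_SECURITY data directory (index 4) is populated, which is what "missing Authenticode signature" means at the header level. It assumes only the PE/COFF layout from the Microsoft PE format specification; the header-only PE32 blob built by `build_minimal_pe32` is constructed test input that mirrors the flag set reported for this sample (DYNAMIC_BASE | NX_COMPAT | TERMINAL_SERVER_AWARE, EXECUTABLE_IMAGE | 32BIT_MACHINE), not bytes from the sample itself.

```python
"""Decode PE header flags and check for an embedded Authenticode signature.

Added example (not the sandbox report's code). Assumes only the PE/COFF
layout from the Microsoft PE format specification.
"""
import struct

DLL_CHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0200: "IMAGE_DLLCHARACTERISTICS_NO_ISOLATION",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x0800: "IMAGE_DLLCHARACTERISTICS_NO_BIND",
    0x1000: "IMAGE_DLLCHARACTERISTICS_APPCONTAINER",
    0x2000: "IMAGE_DLLCHARACTERISTICS_WDM_DRIVER",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # index of the certificate table data directory


def decode_flags(value, table):
    """Return the names of all bits set in value, in ascending bit order."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def inspect_pe(data: bytes) -> dict:
    """Parse the COFF and optional headers; never touches sections or imports."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe_off + 4
    machine, nsections, _, _, _, _opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32: NumberOfRvaAndSizes at +92, directories at +96
        ndirs_off, dirs_off = 92, 96
    elif magic == 0x20B:      # PE32+: 8-byte ImageBase/stack/heap fields shift the tail by 16
        ndirs_off, dirs_off = 108, 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]  # same offset in PE32 and PE32+
    ndirs = struct.unpack_from("<I", data, opt + ndirs_off)[0]
    sec_off, sec_size = 0, 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Unlike every other directory, the security entry's first field is a
        # raw file offset (the WIN_CERTIFICATE blob is not mapped), not an RVA.
        sec_off, sec_size = struct.unpack_from(
            "<II", data, opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    return {
        "machine": machine,
        "sections": nsections,
        "file_characteristics": decode_flags(file_chars, FILE_CHARACTERISTICS),
        "dll_characteristics": decode_flags(dll_chars, DLL_CHARACTERISTICS),
        # A non-empty directory only proves a signature blob is embedded; validity,
        # chain trust and revocation still need WinVerifyTrust / signtool verify.
        "has_embedded_signature": sec_size != 0 and sec_off != 0,
    }


def build_minimal_pe32(dll_chars=0x8140, file_chars=0x0102, sec_size=0) -> bytes:
    """Constructed test input: header-only PE32 (no sections), parseable but not loadable."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                     # e_lfanew -> right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, file_chars)  # IMAGE_FILE_MACHINE_I386
    opt = bytearray(224)                                      # 96-byte fixed part + 16 directories
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 92, 16)
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     0x1000 if sec_size else 0, sec_size)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for label, blob in (("unsigned", build_minimal_pe32()),
                        ("signed", build_minimal_pe32(sec_size=0x1800))):
        print(label, inspect_pe(blob))
```

Two caveats worth keeping in mind when reading the "Unsigned PE" hit: an empty security directory rules out an embedded signature but not a catalog signature (those live in .cat files under the system catalog store, and only WinVerifyTrust or `Get-AuthenticodeSignature` on a Windows host will find them), and a populated directory does not mean the signature verifies. To run the parser on a real file, pass `open(path, "rb").read()` to `inspect_pe`.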
Imports
urlmon
URLDownloadToFileW
kernel32
MoveFileExW
MoveFileW
LocalFree
GetCurrentThreadId
DeleteCriticalSection
RaiseException
HeapAlloc
GetProcessHeap
HeapFree
CreateEventA
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
InitializeCriticalSection
FreeLibrary
MultiByteToWideChar
LoadLibraryExW
lstrcmpiW
FlushInstructionCache
GetCurrentProcess
lstrcpyW
CompareStringW
GetACP
GetVersionExW
CreateDirectoryW
SetEvent
CreateEventW
TerminateThread
GetExitCodeThread
CreateWaitableTimerA
SystemTimeToFileTime
ResumeThread
ResetEvent
OpenEventA
GetCurrentProcessId
GetSystemTimeAsFileTime
FormatMessageA
WaitForSingleObject
FindResourceW
CreateFileA
GetFileAttributesExW
LCMapStringW
LCMapStringA
GetStringTypeExA
GetUserDefaultLCID
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetQueuedCompletionStatus
TlsAlloc
PostQueuedCompletionStatus
Sleep
SetWaitableTimer
WaitForMultipleObjects
QueueUserAPC
TlsFree
TlsSetValue
TlsGetValue
InterlockedExchangeAdd
InterlockedCompareExchange
CreateIoCompletionPort
SleepEx
TerminateProcess
GetExitCodeProcess
GetStartupInfoW
CreateProcessW
FindClose
FindFirstFileW
FindNextFileW
RemoveDirectoryW
GetModuleHandleW
FindResourceExW
LoadResource
LockResource
SizeofResource
WriteFile
GetLastError
CreateFileW
CloseHandle
DeleteFileW
GetTickCount
lstrlenW
SetLastError
MulDiv
WideCharToMultiByte
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
InterlockedExchange
lstrlenA
GetFileAttributesW
FormatMessageW
ExitThread
CreateThread
GetConsoleCP
GetConsoleMode
LoadLibraryW
GetProcAddress
GetCPInfo
GetStringTypeW
GlobalAlloc
GlobalLock
SetUnhandledExceptionFilter
RtlUnwind
GlobalUnlock
FreeResource
SetEndOfFile
GetLocaleInfoW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
SetFilePointer
ReadFile
GetStartupInfoA
GetFileType
SetHandleCount
HeapCreate
IsValidCodePage
GetOEMCP
GetModuleFileNameA
GetStdHandle
GetModuleHandleA
ExitProcess
UnhandledExceptionFilter
user32
LoadStringA
UnregisterClassA
DrawFocusRect
FillRect
IsWindowEnabled
GetSysColor
GetFocus
GetDlgCtrlID
GetCapture
ReleaseCapture
SetFocus
SetCapture
UpdateWindow
InvalidateRect
EndPaint
BeginPaint
SetRectEmpty
PostThreadMessageW
IsDialogMessageW
DialogBoxParamW
GetActiveWindow
KillTimer
CreateWindowExW
ReleaseDC
IsWindow
OffsetRect
GetClassNameW
IsWindowVisible
ShowWindow
ScreenToClient
MoveWindow
GetWindowTextLengthW
GetWindowTextW
GetSystemMetrics
LoadImageW
CharNextW
DestroyWindow
MessageBoxW
GetWindow
GetWindowRect
MonitorFromWindow
GetMonitorInfoW
SetWindowPos
GetDlgItem
SetTimer
SetWindowTextW
EndDialog
GetWindowLongW
SetWindowLongW
CallWindowProcW
DefWindowProcW
PtInRect
GetParent
GetDC
GetClientRect
SendMessageW
DrawTextW
GetCursorPos
GetDesktopWindow
MapWindowPoints
LoadCursorW
SetCursor
wsprintfW
gdi32
SetViewportOrgEx
CreateCompatibleDC
BitBlt
DeleteObject
GetStockObject
SetTextColor
SelectObject
DeleteDC
GetDeviceCaps
CreateFontIndirectW
GetObjectW
SetBkMode
CreateCompatibleBitmap
advapi32
RegEnumKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegSetValueExW
RegQueryValueExW
shell32
ShellExecuteW
ShellExecuteExW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetSpecialFolderPathW
CommandLineToArgvW
ole32
CoTaskMemRealloc
CreateStreamOnHGlobal
StringFromCLSID
CoCreateGuid
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize
oleaut32
VarUI4FromStr
SysAllocString
VariantClear
shlwapi
PathIsURLW
comctl32
InitCommonControlsEx
_TrackMouseEvent
gdiplus
GdipCloneImage
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipLoadImageFromStream
GdipLoadImageFromFile
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipDrawImageRectI
GdipCreateFromHDC
GdipDeleteGraphics
wininet
InternetCloseHandle
InternetOpenW
InternetOpenUrlW
InternetReadFile
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
ws2_32
ioctlsocket
getsockname
getsockopt
setsockopt
connect
bind
listen
accept
__WSAFDIsSet
freeaddrinfo
WSASetLastError
WSACleanup
WSAStartup
WSARecv
WSASend
WSASocketW
select
getaddrinfo
closesocket
inet_addr
WSAGetLastError
Sections
.text Size: 662KB - Virtual size: 662KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 111KB - Virtual size: 110KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 21KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 2B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 21.4MB - Virtual size: 21.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 93KB - Virtual size: 92KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ