Behavioral task
behavioral1
Sample
6143734a8c9cae36bfde4f4b67f3c604.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
6143734a8c9cae36bfde4f4b67f3c604.exe
Resource
win10v2004-20231215-en
General
-
Target
6143734a8c9cae36bfde4f4b67f3c604
-
Size
94KB
-
MD5
6143734a8c9cae36bfde4f4b67f3c604
-
SHA1
b31724ee6f803e3831f5d6727711044168fe06d3
-
SHA256
7da3029263bfbb0699119a715ce22a3941cf8100428fd43c9e1e46bf436ca687
-
SHA512
7e2bde82857b7ccbbee13fa4e914fa5e0b9d47b8ca6c3e662e634b7c5d5f171dbbc28769183585ecb7b1ddc766341ffb0dd054fbdd4fcffa4302da0cd4d8794b
-
SSDEEP
1536:ZTJ91Cl2CAA8zlEPC++OLliyoqMGGVA0agvHE7OatqYFCcY0b5DeNUfJ:P91Cl2CL8zi1iyoFW0aSkiS/Y0bReN0J
Malware Config
Extracted
arkei
cookreceipts.fun/some2.php
Signatures
-
Arkei family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 6143734a8c9cae36bfde4f4b67f3c604
Files
-
6143734a8c9cae36bfde4f4b67f3c604.exe windows:5 windows x86 arch:x86
3e2c7440b2fc9e4b039e6fa8152ac8fd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
_mbsicmp
rand
srand
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
strncpy
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
strstr
_putenv
getenv
??3@YAXPAX@Z
strtok
__setusermatherr
??2@YAPAXI@Z
memcpy
memset
kernel32
GetModuleHandleA
CreateFileMappingW
CreateFileW
MultiByteToWideChar
GetStartupInfoA
Sections
.text Size: 70KB - Virtual size: 69KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ