Static task
static1
Behavioral task
behavioral1
Sample
61cf4a03585f9b486a643fddd226aba9.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
61cf4a03585f9b486a643fddd226aba9.exe
Resource
win10v2004-20231215-en
General
Target: 61cf4a03585f9b486a643fddd226aba9
Size: 272KB
MD5: 61cf4a03585f9b486a643fddd226aba9
SHA1: bb99fe4851192842642e82bca264bb99471ee921
SHA256: ea672151ce97abb91065a2281fcfed12ea184cfa151514649422eaae672e4dd4
SHA512: 25156fcad8f9c3dbf76bbbe7b5ae62653e93a789ac417e735ddd451cf8beec6a96e089bb658ee9fbddd35797dba88447578ce99a49e6329f3c2d39b497453784
SSDEEP: 6144:wwy2zYnNmaYwU7T7On4UsdS/BzhvyImGFrvE3XnhMfE:UNmaW23BZyvGFrvSnh
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 61cf4a03585f9b486a643fddd226aba9
Files
61cf4a03585f9b486a643fddd226aba9.exe windows:4 windows x86 arch:x86
4c739092cd0a6d0cfbd4761ac1a06113
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FindFirstFileW
DeleteCriticalSection
GlobalGetAtomNameA
InitializeCriticalSection
GetPrivateProfileIntW
MultiByteToWideChar
lstrlenW
GetVersionExW
WritePrivateProfileStringW
FreeLibrary
LoadResource
GetPrivateProfileStringW
FindClose
GetModuleHandleW
LoadLibraryA
LockResource
EnumResourceTypesA
GlobalSize
LoadLibraryW
GetDllDirectoryW
GetTickCount
MulDiv
GetModuleFileNameW
GetVersionExA
GetProcAddress
Sleep
GetLocaleInfoW
shell32
DllGetVersion
CommandLineToArgvW
SHGetFolderPathW
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteW
ShellExecuteExA
ShellExecuteExW
SHFileOperationW
SHGetFileInfoA
Shell_NotifyIconA
ole32
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
Sections
.text Size: 113KB - Virtual size: 112KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 137KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 156KB - Virtual size: 155KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ