Static task
static1
Behavioral task
behavioral1
Sample
6f439361a7bd7346a4ea64170fd4356b.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
6f439361a7bd7346a4ea64170fd4356b.exe
Resource
win10v2004-20231215-en
General
Target: 6f439361a7bd7346a4ea64170fd4356b
Size: 842KB
MD5: 6f439361a7bd7346a4ea64170fd4356b
SHA1: 48e01c76a796589831154654a845cef946c5e195
SHA256: 52f108dff439550ad3e0da4e3995daa5b5a725afdf87384092254f70dbb6a16b
SHA512: e3d2624d6e210cca34b5546ab28642139ecc564cc5c6b61b7d8cd19a37949aa2006bfcfe28041de9b36f1d8bd232012b4a3e0b45acea07495d8c9f1ef114d8b3
SSDEEP: 24576:M8umfwlb7EnPU86G/D5M1kG7wTHOa4GfULM1q/ck4CZ/NxrtqttG7j:G8wx76TND619cTHO7GWmFk4CtNFWqj
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 6f439361a7bd7346a4ea64170fd4356b
Files
6f439361a7bd7346a4ea64170fd4356b.exe windows:5 windows x86 arch:x86
7d3c17f888c111a804744e9c0e38d3d0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LZStart
HeapUnlock
GenerateConsoleCtrlEvent
EnumTimeFormatsW
RegisterConsoleIME
ConvertDefaultLocale
FindCloseChangeNotification
FindActCtxSectionStringA
GlobalLock
GetNamedPipeInfo
InitializeCriticalSection
GetTimeFormatW
WriteConsoleA
HeapSize
GlobalUnlock
GetAtomNameA
WritePrivateProfileStructW
_hwrite
ConvertFiberToThread
GetSystemDirectoryW
SetConsoleInputExeNameW
SetVolumeLabelW
GetConsoleAliasExesLengthA
SetTimeZoneInformation
EnumTimeFormatsA
FindFirstFileExA
UTUnRegister
GetPrivateProfileSectionW
GetConsoleCommandHistoryLengthA
OpenFileMappingW
TransmitCommChar
MoveFileExA
FindResourceExA
SetMailslotInfo
VirtualAlloc
SetComputerNameExW
EndUpdateResourceA
IsValidLocale
GetNamedPipeHandleStateA
Module32NextW
GetPriorityClass
ConvertThreadToFiber
LoadLibraryA
ntdll
ZwQueryInformationThread
NtCloseObjectAuditAlarm
NtRequestWaitReplyPort
RtlAddAuditAccessAceEx
RtlGetElementGenericTable
NtMapUserPhysicalPagesScatter
NtOpenSymbolicLinkObject
RtlDeleteSecurityObject
NtOpenTimer
ZwRaiseException
DbgUiSetThreadDebugObject
ZwFlushInstructionCache
ZwAddBootEntry
RtlLookupElementGenericTable
RtlFreeUnicodeString
NtClose
RtlUpcaseUnicodeStringToAnsiString
RtlClearAllBits
RtlTimeToElapsedTimeFields
NtTranslateFilePath
NtQueryValueKey
RtlCreateUserThread
ZwReleaseMutant
RtlUnicodeStringToOemString
user32
BroadcastSystemMessage
GetCursorInfo
SubtractRect
GetUserObjectSecurity
SetDeskWallpaper
BroadcastSystemMessageExA
SendMessageTimeoutA
CreateIconFromResourceEx
InSendMessage
MonitorFromPoint
UserLpkPSMTextOut
CallWindowProcA
GetTaskmanWindow
SetScrollInfo
PaintDesktop
SendMessageCallbackA
RegisterRawInputDevices
CharUpperBuffA
LoadAcceleratorsW
RegisterUserApiHook
RegisterServicesProcess
MapVirtualKeyExW
MB_GetString
OemToCharA
dhcpcsvc
DhcpReleaseIpAddressLease
DhcpFallbackRefreshParams
DhcpUndoRequestParams
DhcpNotifyConfigChangeEx
DhcpHandlePnPEvent
DhcpLeaseIpAddressEx
DhcpRemoveDNSRegistrations
McastReleaseAddress
McastGenUID
DhcpRegisterOptions
DhcpRequestOptions
DhcpEnumClasses
DhcpRequestParams
DhcpCApiCleanup
DhcpStaticRefreshParams
DhcpAcquireParametersByBroadcast
DhcpCApiInitialize
DhcpDeRegisterParamChange
DhcpRegisterParamChange
DhcpLeaseIpAddress
DhcpReleaseIpAddressLeaseEx
crtdll
_spawnve
_ismbclegal
abs
_ismbcsymbol
fprintf
_strnicmp
mbstowcs
_ltow
_ismbcl0
_execvpe
_CIpow
_mkdir
_locking
vprintf
_vsnprintf
_stricmp
tan
strcat
msvcrt
exit
Sections
.text Size: 472KB - Virtual size: 471KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 363KB - Virtual size: 1.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 372B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ