Static task: static1
Behavioral task: behavioral1
Sample: 06a29cb992fdd4c6bdf807df43a974ed.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 06a29cb992fdd4c6bdf807df43a974ed.exe
Resource: win10v2004-20231215-en
General
Target: 06a29cb992fdd4c6bdf807df43a974ed
Size: 174KB
MD5: 06a29cb992fdd4c6bdf807df43a974ed
SHA1: 0f88c0cd3c3e82695f8086b020db7b065e44d32f
SHA256: 2ac7885d6b3c555f74fffab866bf354e8b633789d15a6cd146dad376272a3783
SHA512: a7e4902c0619b67cc71f1d17659873a9eea1eebeffb56e60466e574822f497f2f6b361726be0fcdcf3beaea5068033fe4e125afe38cabaeae3f8279fb934f4a4
SSDEEP: 3072:ehMgM3BcuxyMbisAqczF1HaCUxZeHb+nC3+fqYvBtsvJyQBDodCrWcNp2YHoP:ePuxyMbisencxZeHb+nCOfqYAvFB0dgQ
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 06a29cb992fdd4c6bdf807df43a974ed
Files
06a29cb992fdd4c6bdf807df43a974ed.exe windows:5 windows x86 arch:x86
73a35ae57ddeed7e5d26cbf8501fefd6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntdsapi
DsBindW
DsCrackSpn3W
DsCrackNamesW
DsFreeNameResultW
DsUnBindW
DsIsMangledDnW
shlwapi
PathIsUNCServerShareW
PathAppendW
dsprop
ADsPropCreateNotifyObj
ADsPropSetHwnd
ADsPropGetInitInfo
ADsPropShowErrorDialog
ADsPropSendErrorMessage
ADsPropSetHwndWithTitle
FindSheet
cryptui
CryptUIDlgSelectCertificateW
CryptUIDlgViewCertificateW
kernel32
GetLastError
VirtualAlloc
ntdll
RtlSubAuthorityCountSid
RtlInitUnicodeString
RtlNtStatusToDosError
RtlSubAuthoritySid
NtQuerySystemTime
RtlIdentifierAuthoritySid
version
GetFileVersionInfoW
apphelp
SetPermLayers
shell32
SHGetFolderPathW
crypt32
CertCloseStore
CryptFindOIDInfo
CertEnumCertificatesInStore
CertGetEnhancedKeyUsage
CertDuplicateCertificateContext
CertFindCertificateInStore
CertAddCertificateContextToStore
CertDuplicateStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertSaveStore
CryptDecodeObject
CertEnumSystemStore
CertControlStore
CertGetNameStringW
CertOpenStore
CryptQueryObject
CertDeleteCertificateFromStore
gdi32
SetTextColor
SetBkColor
GetDeviceCaps
GetTextExtentPoint32W
CreateFontIndirectW
DeleteObject
CreateBitmap
CreatePatternBrush
user32
RegisterWindowMessageW
SetFocus
GetWindowThreadProcessId
SendMessageW
SetScrollRange
DefWindowProcW
IsWindowEnabled
GetDlgCtrlID
LoadStringW
GetWindowRect
GetParent
GetSystemMetrics
MoveWindow
DestroyWindow
SetWindowLongW
CheckDlgButton
MessageBeep
SetWindowPos
GetDC
SetWindowContextHelpId
SetDlgItemTextW
SetForegroundWindow
ScreenToClient
DialogBoxParamW
EnableWindow
GetSysColorBrush
PostMessageW
CheckRadioButton
MessageBoxW
SendDlgItemMessageW
wsprintfW
SetScrollPos
GetWindow
EndPaint
RegisterClipboardFormatW
BeginPaint
SetCursor
MapDialogRect
OffsetRect
MessageBoxA
FindWindowExW
MapWindowPoints
InflateRect
GetDesktopWindow
EndDialog
GetWindowTextW
ShowWindow
DestroyIcon
CreateWindowExW
SystemParametersInfoW
RegisterClassW
LoadCursorW
GetDlgItemTextW
FrameRect
SetWindowTextW
SetScrollInfo
IsDlgButtonChecked
IsWindow
DrawIcon
GetWindowTextLengthW
GetWindowLongW
LoadIconW
CallWindowProcW
GetScrollInfo
DrawFocusRect
WinHelpW
ScrollWindow
ReleaseDC
GetSysColor
GetClientRect
UpdateWindow
LoadBitmapW
GetDlgItem
ole32
CoCreateInstance
StringFromIID
CoGetApartmentID
CoTaskMemAlloc
CoMarshalInterThreadInterfaceInStream
ReleaseStgMedium
StringFromCLSID
CoGetInterfaceAndReleaseStream
dnsapi
DnsNameCompareEx_W
advapi32
RegQueryValueExW
LsaQueryTrustedDomainInfoByName
LsaClose
LsaDelete
LsaLookupSids
LsaOpenTrustedDomain
AllocateAndInitializeSid
LsaQueryForestTrustInformation
InitializeSecurityDescriptor
RevertToSelf
LsaFreeMemory
LsaCreateTrustedDomainEx
ImpersonateAnonymousToken
ImpersonateLoggedOnUser
RegCloseKey
LsaOpenTrustedDomainByName
LsaOpenPolicy
GetLengthSid
LsaRetrievePrivateData
IsValidSid
CryptReleaseContext
SystemFunction041
RegCreateKeyExW
CryptAcquireContextW
RegOpenKeyExW
OpenServiceW
GetSidSubAuthorityCount
MakeSelfRelativeSD
RegSetValueExW
CryptGenRandom
LsaNtStatusToWinError
GetSecurityDescriptorDacl
EqualSid
SetNamedSecurityInfoW
SetEntriesInAclW
OpenSCManagerW
LogonUserW
BuildTrusteeWithSidW
EqualPrefixSid
GetNamedSecurityInfoW
GetSecurityDescriptorLength
InitializeAcl
BuildTrusteeWithObjectsAndSidW
GetSidIdentifierAuthority
RegDeleteKeyW
LsaSetTrustedDomainInfoByName
GetSidSubAuthority
LsaQueryTrustedDomainInfo
LsaQueryInformationPolicy
GetSidLengthRequired
LsaSetForestTrustInformation
QueryServiceStatus
GetSecurityDescriptorControl
CloseServiceHandle
SystemFunction040
FreeSid
GetExplicitEntriesFromAclW
credui
CredUIInitControls
CredUIParseUserNameW
Sections
.text Size: 512B - Virtual size: 400B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 78KB - Virtual size: 78KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 28B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.data Size: 75KB - Virtual size: 848KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE