Static task
static1
Behavioral task
behavioral1
Sample
1d096d571146aafd23c568ac64c0ec60.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
1d096d571146aafd23c568ac64c0ec60.exe
Resource
win10v2004-20231222-en
General
Target
1d096d571146aafd23c568ac64c0ec60
Size
3KB
MD5
1d096d571146aafd23c568ac64c0ec60
SHA1
59ba56a9190232c24c75571dc747c2f53653c999
SHA256
4aaadba41b3e746d1850a8528bf233ad8801dbc545a8278df530b492da8d14fb
SHA512
1209395fdd8079df5fa48330028465acf0c7acac298bd278e82e8c4579c10f05c75c5205e033dee69783a41c69357b61a62c0af3f86e099c947c59babd9bf784
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 1d096d571146aafd23c568ac64c0ec60
Files
1d096d571146aafd23c568ac64c0ec60.exe windows:4 windows x86 arch:x86
6f5f54c7326540c7a7c3d7b8a4f20150
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrcpynA
HeapAlloc
GetProcessHeap
GetLastError
OpenProcess
Process32Next
CloseHandle
Process32First
CreateToolhelp32Snapshot
GetCurrentProcessId
CreateEventA
DuplicateHandle
GetCurrentProcess
HeapFree
lstrcmpiA
advapi32
GetTokenInformation
LookupAccountSidA
OpenProcessToken
ntdll
NtQueryObject
RtlEqualUnicodeString
RtlInitUnicodeString
NtQuerySystemInformation
Sections
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE