Static task: static1
Behavioral task: behavioral1
Sample: 1ddf00dcc6828378acab1a31fb31a2ea.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 1ddf00dcc6828378acab1a31fb31a2ea.exe
Resource: win10v2004-20231215-en
Target: 1ddf00dcc6828378acab1a31fb31a2ea
Size: 69KB
MD5: 1ddf00dcc6828378acab1a31fb31a2ea
SHA1: b88a8f8393829346dd28429852db78f150dcccba
SHA256: 607f109c9809ae9b16aad3a7cf6181f36b312b1769a9bf1fe107f346be841534
SHA512: b6b0fced1b0fcd244c9b298abb1decfd14b101ad6244e653ba5d57eabde63d8b0ef2f3abbd2eac2f80398deae4b55cc7202479e70dc4accdecbdf1c9c9ff2f75
SSDEEP: 768:5ZLJfaE5A6CO3O1pJiX9iMDwTWGTOcP26PeJLCAnAMiyH39Y3wYo3cfWGwKYf0oe:/JfkE3spGnnRiyH39Y3I3YWjrcck955B
Checks for missing Authenticode signature.
Processes:
| resource |
|---|
| 1ddf00dcc6828378acab1a31fb31a2ea |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
VirtualFree
VirtualAlloc
ExitProcess
VirtualProtect
lstrcmpiA
GetProcAddress
IsBadReadPtr
LoadLibraryA
CreateThread
GetModuleHandleA
DefWindowProcA
SendMessageA
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
SetTimer
CreateWindowExA
RegisterClassExA
LoadCursorA
LoadIconA
func1
func2
start
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ