Static task
static1
Behavioral task
behavioral1
Sample
097ebc3d2a480a844014b49f99c0d5fd.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
097ebc3d2a480a844014b49f99c0d5fd.exe
Resource
win10v2004-20231215-en
General
Target
097ebc3d2a480a844014b49f99c0d5fd
Size
160KB
MD5
097ebc3d2a480a844014b49f99c0d5fd
SHA1
55057f484110fa9c04e3584ef29505dfee208ffa
SHA256
08b4954e4317eafa94e8c2fdf8258fceeba41b153990007699f9494768d87fad
SHA512
ad3d65ed80081d5a18c4e6e3bb739d30c9123ea91c4ef9aa1b121f496fc9fc8c00e7394274dcd49f268c0200395d64e5a9a98413a10992cb8eedd9472f9274f1
SSDEEP
3072:0kg2Q6DU65i1E6ls1fTewOBDVicq70Oe46Gu7FbGCkK7ieTjiNKcyx:Hg56Q65j5TewOBhici0O9ju1bdPjig
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 097ebc3d2a480a844014b49f99c0d5fd
Files
097ebc3d2a480a844014b49f99c0d5fd.exe windows:4 windows x86 arch:x86
42606a0954c03d1f3a8b690becd1d780
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
InitializeCriticalSection
InterlockedExchange
WaitForSingleObjectEx
GetVersionExA
SetEvent
TryEnterCriticalSection
SetFilePointer
RaiseException
GetModuleFileNameW
CreateFileA
FreeLibrary
LocalFree
CloseHandle
InterlockedExchangeAdd
SleepEx
GetModuleHandleA
WaitForSingleObject
ReadFile
InterlockedCompareExchange
FindCloseChangeNotification
GetFileSize
CreateThread
RegisterWaitForSingleObject
SetFilePointerEx
VirtualAlloc
FindClose
GetStartupInfoA
advapi32
RegCreateKeyExA
IsValidSid
RegDeleteKeyA
SetSecurityDescriptorDacl
LookupAccountSidA
RegQueryValueExA
CheckTokenMembership
RegCreateKeyW
OpenThreadToken
RegOpenKeyExA
AllocateAndInitializeSid
GetTokenInformation
RegCloseKey
msi
ord223
msvcrt
_onexit
atoi
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__dllonexit
Sections
.text Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 132KB - Virtual size: 236KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ