Static task: static1
Behavioral task: behavioral1
Sample: 0d08b738db681ae729507b7c99534ff3.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 0d08b738db681ae729507b7c99534ff3.exe
Resource: win10v2004-20231215-en
General
Target: 0d08b738db681ae729507b7c99534ff3
Size: 48KB
MD5: 0d08b738db681ae729507b7c99534ff3
SHA1: bb8bc58083b0b0c03e74b8fe574ff707e640b05e
SHA256: fc857d14f720ea815b103c2c3b074a431b4d2344912775fe430c6e8f51865a4f
SHA512: 0c9642cf8fb101e2ae22272375a8d307e1b97a768280615e64df2b9feb8cec924212c89f85680b68fbbfdc9e11da77b794a4d6347d526fc0e51d9fe97097e385
SSDEEP: 768:ommUBZ8eenMGxemUS2lJsfu2/H6wM7mj+7LCtKdFVT+zMowe2XGe3rXzPVPpqwip:VZ8hnMGxaJsRHIKK7iKjVTkWbrTVn5v
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0d08b738db681ae729507b7c99534ff3
Files
0d08b738db681ae729507b7c99534ff3.exe windows:5 windows x86 arch:x86
263e23c4a63ca4af7f5d93a51c17eabf
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegCloseKey
RegDeleteValueA
CryptReleaseContext
RegQueryValueExA
DuplicateTokenEx
CryptCreateHash
CryptGetHashParam
RegSetValueExA
shlwapi
PathMatchSpecW
PathFileExistsW
PathCombineW
PathFindFileNameW
StrCmpNIA
wvnsprintfW
wnsprintfW
StrStrW
SHDeleteKeyA
PathRemoveFileSpecW
wnsprintfA
wvnsprintfA
Sections
.anwtgt Size: 39KB - Virtual size: 61KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.arsz Size: 2KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tqjwv Size: 5KB - Virtual size: 76KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ