Static task
static1
Behavioral task
behavioral1
Sample: 0cc883ff2ada45e8358cc466f833af14.exe
Resource: win7-20231215-en
Behavioral task
behavioral2
Sample: 0cc883ff2ada45e8358cc466f833af14.exe
Resource: win10v2004-20231215-en
General
Target: 0cc883ff2ada45e8358cc466f833af14
Size: 894KB
MD5: 0cc883ff2ada45e8358cc466f833af14
SHA1: 266498978cb3e0f2048a1b85f05e521b5941a37e
SHA256: 2382886baccbe0c78fc7c2813d3817ef45877139c7288a9b10cce28683935d45
SHA512: 3b0b97c0412d7344e78a40efbb8189beafea1fab73fa2efeaab0015398550f07e08d3009196ab3d849b907daf1655ea22d17b31456208136ca4150f4f2402333
SSDEEP: 12288:949dUFlzDNxfxkdI0tf/rXQ7DE5BCkeVQ+MwaAqVW0FDntrt48JyUHTT2ogTdNDR:K9uHzJWfLtC7BM7AqLTlVzTg431OQCt
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: 0cc883ff2ada45e8358cc466f833af14
Files
0cc883ff2ada45e8358cc466f833af14.exe windows:5 windows x86 arch:x86
240f3c8b5073e1eaae9777885f76451b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
WriteFile
WideCharToMultiByte
ReadFile
CreateFileW
MultiByteToWideChar
GetCurrentDirectoryW
GetFileType
CloseHandle
LocalFree
FormatMessageW
GetSystemTimeAsFileTime
SetCurrentDirectoryW
SetFileAttributesW
GetFileAttributesW
LoadLibraryW
GetProcAddress
FreeLibrary
OutputDebugStringW
GetLastError
DeleteFileW
MoveFileW
MoveFileExW
FindResourceW
LoadResource
SizeofResource
GetTempPathW
GetTempFileNameW
GetCommandLineW
GetModuleHandleW
RemoveDirectoryW
GetCurrentThreadId
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
LockResource
SetFileTime
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
DeleteCriticalSection
WriteConsoleW
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
LCMapStringW
RtlUnwind
LoadLibraryExW
LeaveCriticalSection
EnterCriticalSection
FreeEnvironmentStringsW
FlushFileBuffers
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
GetStringTypeW
CreateDirectoryW
GetCurrentProcess
SystemTimeToFileTime
SetFilePointer
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetStartupInfoW
TlsFree
FindResourceExW
DosDateTimeToFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
ExitProcess
GetModuleHandleExW
GetStdHandle
GetModuleFileNameW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
Sleep
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
user32
wsprintfW
LoadIconW
PostQuitMessage
SetForegroundWindow
GetWindowThreadProcessId
GetForegroundWindow
IsWindowVisible
EndPaint
BeginPaint
DefWindowProcW
MessageBoxW
CreateWindowExW
RegisterClassExW
GetSysColorBrush
LoadCursorW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetMessageW
LoadAcceleratorsW
LoadStringW
SendMessageW
AttachThreadInput
advapi32
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
shell32
CommandLineToArgvW
ShellExecuteExW
SHFileOperationW
SHGetFolderPathAndSubDirW
ole32
CoTaskMemFree
shlwapi
PathFileExistsW
comctl32
InitCommonControlsEx
Sections
.text Size: 92KB - Virtual size: 91KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 752KB - Virtual size: 752KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ