Static task
static1
Behavioral task
behavioral1
Sample
0f0f63f6c107eff9ba2ffb16d7221762.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
0f0f63f6c107eff9ba2ffb16d7221762.exe
Resource
win10v2004-20231215-en
General
Target: 0f0f63f6c107eff9ba2ffb16d7221762
Size: 12KB
MD5: 0f0f63f6c107eff9ba2ffb16d7221762
SHA1: b77a1436eb0611e36c21ddddaf943dc4aacd8bb9
SHA256: ee49ad1a67ccd6cd2d6efdb064e67c0afb154aa4a0564a3778efbfd5ea68b649
SHA512: 2963a3db7492c20bb5cd150fd6501614c5a2b82e9e6b9184c22ac94b5a88e1ffabb62ee4aca239d66b9c8255dbd61aefb8a2185e05f4aa792239dee307534d50
SSDEEP: 192:+I5PaCa+psV4c2hrcqaYrqKv+z4gNuSFLLf9h7ONdPGp3:+MfaZmUqaQqKvo7NtLLfmNduV
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0f0f63f6c107eff9ba2ffb16d7221762
Files
0f0f63f6c107eff9ba2ffb16d7221762.exe windows:4 windows x86 arch:x86
c22ea1ee3a19dc584ff47584d2a03418
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32: CreateThread, lstrcmpA, GetModuleFileNameA, SetPriorityClass, GetCurrentProcess, WriteFile, CreateFileA, LockResource, LoadResource, Sleep, CopyFileA, GetSystemTime, GetCurrentProcessId, GetProcAddress, GetModuleHandleA, GetVersion, ExitProcess, lstrlenA, GetSystemDirectoryA, GetVersionExA, CreateProcessA, CloseHandle, FindResourceA, TerminateProcess
user32: wsprintfA
advapi32: RegFlushKey, RegCreateKeyExA, RegSetValueExA, RegCloseKey, RegCreateKeyA
ws2_32: send, connect, htons, inet_addr, gethostbyname, socket, accept, inet_ntoa, recv, bind, htonl, WSAGetLastError, __WSAFDIsSet, ioctlsocket, select, WSAStartup, closesocket, listen
Sections
.text Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ