Static task: static1
Behavioral task: behavioral1
  Sample: 1895fa2e2252068cfcaa78464e9e88fc.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 1895fa2e2252068cfcaa78464e9e88fc.exe
  Resource: win10v2004-20231215-en
General
Target: 1895fa2e2252068cfcaa78464e9e88fc
Size: 749KB
MD5: 1895fa2e2252068cfcaa78464e9e88fc
SHA1: acb67764bcff488fea018b19fa7a16389ca3e93d
SHA256: ce63f5883e9bd9ece8bb4d866fa3e5752bc4987b92b062e7fda4ceae70750811
SHA512: 3354801452b8d6e701f3eb90dcf19f8e3dcba88b447efb3f5cd7b3ff0af6c65b9a8681cfd7741619608a3b2b6c83f056140e5ac21edb788e9895cb8ee1ccd2ee
SSDEEP: 12288:nw+1zlXEcEVvsoRGiZ9WvCx/QAy+o9exJp3VcbrPJpjjblv6u5CZZFoVXS1vPVsI:nRZzEdso0iZ9WvBAyX0hFcbLJ1jZvvor
Malware Config
Signatures
Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource 1895fa2e2252068cfcaa78464e9e88fc
Files
1895fa2e2252068cfcaa78464e9e88fc.exe windows:4 windows x86 arch:x86
f5645cf6ae6e10cf8a112b3b40d33430
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
comctl32
ImageList_Copy
ImageList_GetDragImage
DrawStatusTextA
InitCommonControlsEx
ImageList_GetBkColor
ImageList_LoadImage
InitMUILanguage
ImageList_Create
ImageList_EndDrag
GetEffectiveClientRect
user32
GetDoubleClickTime
EnumDisplaySettingsW
RegisterClassExA
RegisterDeviceNotificationW
CreateWindowExA
GetDlgItemTextA
wvsprintfA
GetWindowInfo
GetInputDesktop
DestroyWindow
EmptyClipboard
RegisterClassA
DeleteMenu
SetMenuContextHelpId
DrawMenuBar
SetWindowRgn
RegisterClipboardFormatA
DefWindowProcW
UnregisterClassW
ScrollDC
GetGuiResources
GetMenuStringW
SetDebugErrorLevel
EnumDisplayMonitors
EndMenu
EnumPropsExW
CreateWindowExW
DestroyIcon
UnhookWinEvent
EnumDisplaySettingsExW
MessageBoxW
ShowWindow
AdjustWindowRectEx
gdi32
CreateFontIndirectW
GetCurrentObject
PlgBlt
AngleArc
SetGraphicsMode
BitBlt
PtInRegion
FlattenPath
GetObjectA
SetWindowOrgEx
GetCharABCWidthsA
PolyTextOutW
GetGraphicsMode
GdiPlayScript
CreateHatchBrush
GetOutlineTextMetricsW
ResetDCW
EnumFontsA
FrameRgn
Pie
SetPaletteEntries
PolyPolyline
GetWinMetaFileBits
SetBkColor
GetColorAdjustment
kernel32
FreeEnvironmentStringsW
WritePrivateProfileSectionA
GetEnvironmentStrings
SetConsoleCtrlHandler
GetACP
OutputDebugStringA
ReleaseMutex
CreateDirectoryW
GetUserDefaultLCID
GetCommandLineA
VirtualProtect
ReadFile
GetCPInfo
ReadConsoleOutputCharacterW
GetDriveTypeW
CreateMutexA
DeleteCriticalSection
HeapValidate
CreateFileMappingW
GetConsoleCursorInfo
GetStartupInfoW
EnumResourceTypesA
GetCurrentProcess
OpenWaitableTimerW
MultiByteToWideChar
VirtualQuery
HeapDestroy
VirtualFree
CreateFileW
GetEnvironmentVariableW
HeapCreate
GetModuleFileNameA
GetStdHandle
IsBadReadPtr
GetStartupInfoA
TlsSetValue
GetWindowsDirectoryA
DebugBreak
TlsFree
LoadLibraryA
GetCurrentProcessId
GetTimeFormatA
UnhandledExceptionFilter
GetSystemTimeAsFileTime
WaitCommEvent
GetProcAddress
SetThreadLocale
GetCurrentThreadId
SetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
ReadConsoleOutputW
GetLocaleInfoA
EnumSystemLocalesA
GetPrivateProfileStructA
InterlockedIncrement
FindNextFileW
FindResourceExW
FindFirstFileW
lstrcpyn
SetFileAttributesW
LoadLibraryW
WideCharToMultiByte
OpenMutexA
GetOEMCP
OpenFileMappingW
FlushFileBuffers
WriteFile
GetSystemInfo
GetDiskFreeSpaceExA
GetFileType
GlobalGetAtomNameW
InterlockedDecrement
InterlockedExchange
EnumSystemCodePagesA
lstrlenA
GetModuleHandleW
RemoveDirectoryA
GlobalFindAtomW
GetTickCount
GetVolumeInformationA
OpenEventW
GetLocaleInfoW
IsValidLocale
CloseHandle
GetPrivateProfileSectionA
SetEnvironmentVariableA
GetVersionExA
TerminateProcess
GetProfileIntW
CompareStringW
WriteProfileSectionA
CompareStringA
GetStringTypeA
LCMapStringA
GetPrivateProfileStringW
ExpandEnvironmentStringsW
SetHandleCount
IsBadWritePtr
WriteProfileStringA
lstrcmpA
OutputDebugStringW
LCMapStringW
SetStdHandle
SystemTimeToTzSpecificLocalTime
TlsGetValue
SetLastError
LeaveCriticalSection
LockFile
GetSystemDefaultLangID
LoadModule
GetEnvironmentStringsW
SetConsoleScreenBufferSize
GetStringTypeW
GetDateFormatA
GetLastError
FlushConsoleInputBuffer
VirtualAlloc
CreateNamedPipeW
IsValidCodePage
SetFilePointer
HeapFree
HeapReAlloc
RtlFillMemory
FreeEnvironmentStringsA
VirtualUnlock
HeapAlloc
RtlUnwind
QueryPerformanceCounter
ExitProcess
GetModuleHandleA
GetCurrentThread
GetConsoleCP
TlsAlloc
CreateWaitableTimerA
InitializeCriticalSection
lstrcpynW
EnterCriticalSection
wininet
DeleteUrlCacheEntryA
GopherOpenFileW
FindNextUrlCacheEntryExW
SetUrlCacheGroupAttributeW
FindNextUrlCacheEntryExA
GopherGetLocatorTypeA
FindCloseUrlCache
FindNextUrlCacheContainerW
comdlg32
PrintDlgA
FindTextW
GetOpenFileNameW
ChooseFontA
advapi32
CryptGetHashParam
CryptGetKeyParam
CryptSetProviderW
RegDeleteValueA
RegCreateKeyA
RegQueryMultipleValuesW
CryptHashData
RegOpenKeyExA
RegDeleteKeyA
RegReplaceKeyA
ReportEventA
CryptGetDefaultProviderA
CryptSetProviderExW
CryptSignHashW
LogonUserW
CryptDuplicateKey
CryptEnumProvidersA
InitiateSystemShutdownW
CryptSetHashParam
RegSetValueW
CreateServiceW
InitiateSystemShutdownA
DuplicateToken
CryptDestroyKey
RegCloseKey
Sections
.text Size: 203KB - Virtual size: 203KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 406KB - Virtual size: 406KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 128KB - Virtual size: 145KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ