Static task: static1
Behavioral task: behavioral1
Sample: 79456569b6aba9d00e641ce0067a0b18e4fe69232d6c356201d1ab62ebfe4c8f.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 79456569b6aba9d00e641ce0067a0b18e4fe69232d6c356201d1ab62ebfe4c8f.exe
Resource: win10v2004-20231215-en
General
Target: 79456569b6aba9d00e641ce0067a0b18e4fe69232d6c356201d1ab62ebfe4c8f.zip
Size: 63KB
MD5: df159afec2443a469478ed1a4a7c9230
SHA1: c69c004ab4b0fff2b2cc230eb61b412279397661
SHA256: 6250d21344368e86f887a0c98e6f7d047ec1946a2837fb25aea96660b7b7a6a3
SHA512: 303e7e9a17333a8e4c93e75710504539fe798a925000a1a2a2b8e722e1c4ca0a8eec79a32a2862c21d9d1841c0895dbf115a8545f2ee1c3abb5548731e0b7aa5
SSDEEP: 1536:g/5OfKdZBDBgecVpHytxPBv4WzHF8/6v1wGhAe3AE/W:gwfKdzl9uStVB7HqMlhRFW
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/79456569b6aba9d00e641ce0067a0b18e4fe69232d6c356201d1ab62ebfe4c8f.exe
Files
79456569b6aba9d00e641ce0067a0b18e4fe69232d6c356201d1ab62ebfe4c8f.zip.zip
Password: infected
79456569b6aba9d00e641ce0067a0b18e4fe69232d6c356201d1ab62ebfe4c8f.exe.exe windows:5 windows x86 arch:x86
20b1aabbfbef0aa7aac4124ad015f71c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ReadFile
GetModuleFileNameW
CreateFileW
GetProcAddress
VirtualAlloc
LoadLibraryA
LocalAlloc
GetExitCodeThread
LockResource
CreateEventW
SetCurrentDirectoryW
SizeofResource
CloseHandle
LocalFree
ResumeThread
CreateThread
GetLastError
GetLocalTime
FlushFileBuffers
HeapReAlloc
WriteConsoleW
SetStdHandle
Sleep
WriteFile
InterlockedDecrement
LoadResource
FindResourceW
GetFileSize
GetEnvironmentVariableW
WaitForMultipleObjects
GetCommandLineW
LoadLibraryW
RtlUnwind
MultiByteToWideChar
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetCommandLineA
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DecodePointer
EncodePointer
GetCPInfo
InterlockedIncrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetCurrentThreadId
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
IsProcessorFeaturePresent
HeapCreate
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
SetFilePointer
GetConsoleCP
GetConsoleMode
LCMapStringW
HeapSize
user32
CharLowerBuffW
wsprintfW
LoadBitmapW
gdi32
DeleteDC
GetDIBits
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
SetDIBits
GetObjectW
BitBlt
shell32
ShellExecuteW
CommandLineToArgvW
ole32
CoCreateGuid
StringFromGUID2
Sections
.text Size: 66KB - Virtual size: 65KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 21KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.SHARDAT Size: 512B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 48KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ