Static task: static1
Behavioral task: behavioral1
Sample: 2112f53d7217765139410a040b6857f2.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 2112f53d7217765139410a040b6857f2.exe
Resource: win10v2004-20231215-en
General
Target: 2112f53d7217765139410a040b6857f2
Size: 10KB
MD5: 2112f53d7217765139410a040b6857f2
SHA1: 3ead074c52e0ba8e600b50fac7536a1ae881aaba
SHA256: 655758a6149de967f8d6f5cf3b0e4f1771570195626d02529d1d273becaa1edf
SHA512: 86649fe1b06bc433f62e4b0e086adfbff22edc78b788801bf607b339c55ddfabe85bc855db96b08edaab6ecd7f9a82dacbb3973d8a3436a2ec6d5d914a06b8aa
SSDEEP: 192:FvFL2rQfQs05Kr1NCeY6HI5Fc0IIHMPOafzQJQMSBGMCSg:tkrQfV0521Q8gHXMP3kJQMSBzr
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2112f53d7217765139410a040b6857f2
Files
2112f53d7217765139410a040b6857f2.exe windows:4 windows x86 arch:x86
9add77c7b69e561d295658d70f5913ef
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
user32
wsprintfA
CharLowerA
kernel32
ExitProcess
GetModuleFileNameA
GetTempPathA
GetThreadContext
GetTickCount
GlobalAlloc
GlobalFree
ResumeThread
RtlUnwind
SetThreadContext
Sleep
DeleteFileA
WaitForSingleObject
WriteFile
lstrcatA
lstrcpyA
lstrlenA
SetProcessAffinityMask
HeapAlloc
HeapFree
GetProcessHeap
CreateProcessA
GetVersionExA
GetComputerNameW
VirtualFree
DeviceIoControl
LocalFree
CreateFileA
CopyFileA
CloseHandle
TerminateProcess
VirtualAlloc
ntdll
ZwMapViewOfSection
ZwUnmapViewOfSection
ZwClose
ZwOpenSection
ZwQuerySystemInformation
ZwSystemDebugControl
_snwprintf
strstr
strrchr
strcmp
strcat
memcpy
memset
strlen
wcscat
advapi32
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
SetSecurityInfo
GetUserNameA
SetEntriesInAclA
GetSecurityInfo
shell32
ShellExecuteA
SHGetFolderPathA
Sections
.text Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 562KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE