Static task: static1
Behavioral task: behavioral1 (Sample: 28a6492443d599280e597f50d08a16ab.exe, Resource: win7-20231215-en)
Behavioral task: behavioral2 (Sample: 28a6492443d599280e597f50d08a16ab.exe, Resource: win10v2004-20231215-en)
General
Target: 28a6492443d599280e597f50d08a16ab
Size: 448KB
MD5: 28a6492443d599280e597f50d08a16ab
SHA1: f674f67fb8871ae339552b2a5f0f9f71b445c92d
SHA256: 2d355f06b3ca644b95dd9d6fa3fae395360c95cb9d4d12de850c3e85b9f85e68
SHA512: 6b62ea7abce1da8cba76b4088ca2fb2394971c7c5a5b31bd0a60c869340e4e11188c813c80b043d19d8b061f94b8966a91ecb266095b94e0cf2f475ef6b09b99
SSDEEP: 6144:r1aKfTldyN6nRD91nqjJMRiT762y0uBbpndTMJG/h300PYpIbvAetJKvoCLkhUvT:r1dCuRqjQiq2p8PTXDPYmzAePKvoIza
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 28a6492443d599280e597f50d08a16ab
Files
28a6492443d599280e597f50d08a16ab.exe windows:4 windows x86 arch:x86
936cf6f2591cc37bd924f56cafe4bd42
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
gdi32
CreateSolidBrush
GetCurrentObject
SetDIBits
GetObjectW
GetNearestPaletteIndex
SetStretchBltMode
GetNearestColor
DeleteObject
SetMapMode
SetDIBitsToDevice
SelectPalette
StretchDIBits
SetDIBColorTable
PatBlt
SelectObject
user32
UnionRect
kernel32
InterlockedIncrement
EnterCriticalSection
UnhandledExceptionFilter
TerminateProcess
GlobalDeleteAtom
GlobalAddAtomA
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCurrentThreadId
Beep
GetCurrentProcessId
GetSystemTimeAsFileTime
InterlockedDecrement
GetTickCount
QueryPerformanceCounter
GetLastError
LeaveCriticalSection
lstrlenA
advapi32
QueryServiceStatus
RegSetValueExW
msvcrt
free
_except_handler3
_snprintf
exit
realloc
__CxxFrameHandler
longjmp
_adjust_fdiv
_purecall
sscanf
malloc
_initterm
_iob
fprintf
getenv
_setjmp3
ole32
ReleaseStgMedium
ntdll
NtAllocateVirtualMemory
wininet
InternetCrackUrlW
ws2help
WahCloseThread
Sections
.text Size: 47KB - Virtual size: 46KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 28B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 31KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 74KB - Virtual size: 928KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 294KB - Virtual size: 293KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE