Static task: static1
Behavioral task: behavioral1
Sample: 2d07e4b9df7cdeaa7a5ad0c1388bfbc7.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 2d07e4b9df7cdeaa7a5ad0c1388bfbc7.exe
Resource: win10v2004-20231222-en
General
Target: 2d07e4b9df7cdeaa7a5ad0c1388bfbc7
Size: 34KB
MD5: 2d07e4b9df7cdeaa7a5ad0c1388bfbc7
SHA1: b95ee9b7f12dd5670519c418c475a95d3c970aa7
SHA256: 0a1fa6f46251d378e85cbc59f43b737af38d1fa3bc9b268f9872128306fcd4d2
SHA512: 4f8d3773c6350d1375ae4b9b3db32ac64a7a0b72e1f06072999d0cf3b0cf4ebdf682567697afb9e893a1e7f535cbd28feae5daa23f75827739ffea825dc7e141
SSDEEP: 768:46eyLfXEWGzghWM2Tr9pmCOwL2ZrubdjBk/Ro:heyLfXEI2TBpmCl2Q+o
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2d07e4b9df7cdeaa7a5ad0c1388bfbc7
Files
2d07e4b9df7cdeaa7a5ad0c1388bfbc7.exe windows:4 windows x86 arch:x86
6b8ac6ac416546dfef32ed1567f71efa
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrcpyA
GetLastError
CreateMutexA
FreeConsole
CloseHandle
DisconnectNamedPipe
TerminateProcess
WaitForMultipleObjects
TerminateThread
GetWindowsDirectoryA
CreatePipe
CreateProcessA
DuplicateHandle
GetCurrentProcess
ExitThread
ReadFile
PeekNamedPipe
WriteFile
GetModuleFileNameA
CopyFileA
CreateThread
Sleep
CompareStringW
CompareStringA
LCMapStringW
LCMapStringA
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
GetTimeZoneInformation
GetSystemTime
GetLocalTime
ExitProcess
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
FlushFileBuffers
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
RtlUnwind
SetFilePointer
SetStdHandle
MultiByteToWideChar
SetEnvironmentVariableA
advapi32
RegSetValueExA
RegCloseKey
RegCreateKeyExA
ws2_32
send
recv
WSAStartup
socket
htons
connect
closesocket
inet_addr
gethostbyname
WSACleanup
Sections
.text Size: 26KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE