Static task: static1
Behavioral task: behavioral1
Sample: 295a3200c04e6b754cb530dad1a3ab42c63417ae1dfb2f5e85a60a18f780aa01.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 295a3200c04e6b754cb530dad1a3ab42c63417ae1dfb2f5e85a60a18f780aa01.exe
Resource: win10v2004-20231215-en
General
Target: 295a3200c04e6b754cb530dad1a3ab42c63417ae1dfb2f5e85a60a18f780aa01.zip
Size: 958KB
MD5: 09b2fda60146d221aa1ad232787fc5c2
SHA1: a2d330f4259748829817e812174e896eaa5c86d4
SHA256: 6afdf45c318446f0cc526df3a6246173323321e13e92d3b03f970700fbd16de7
SHA512: fe40b8415c54f386bddc240d06322b886826e42c393c503739dcab530918bffa5e5f80f33f1991e0080e62e054e2d1dd3ddfd34454a77dff3102c2d23b8b34ac
SSDEEP: 12288:7sstYHOTh5/Gs4utqZ+vHOB3JrP3921zZBwrzN0GLBqnuoLyLD/Tx4WPv4LmL04F:7AS3u1FpB332ZUrR04To2P/TOrmFpT44
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource unpack001/295a3200c04e6b754cb530dad1a3ab42c63417ae1dfb2f5e85a60a18f780aa01
Files
295a3200c04e6b754cb530dad1a3ab42c63417ae1dfb2f5e85a60a18f780aa01.zip.zip
Password: threatbook
295a3200c04e6b754cb530dad1a3ab42c63417ae1dfb2f5e85a60a18f780aa01.exe windows:4 windows x86 arch:x86
Password: threatbook
079de08b58829a43c0baf0d56c83b7b2
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
memset
_wcsnicmp
wcsncmp
wcsncpy
_wcsdup
free
wcscmp
memmove
wcslen
wcscpy
wcscat
atoi
strlen
sprintf
strstr
_strnicmp
strncpy
strcmp
sscanf
strcpy
memcpy
localtime
mktime
malloc
kernel32
GetModuleHandleW
HeapCreate
Sleep
HeapDestroy
ExitProcess
ExitThread
EnterCriticalSection
WaitForSingleObject
LeaveCriticalSection
InitializeCriticalSection
CloseHandle
CreateThread
GetEnvironmentVariableW
SetEnvironmentVariableW
GetModuleFileNameW
GetCurrentProcess
DuplicateHandle
CreatePipe
GetStdHandle
HeapAlloc
CreateProcessW
HeapFree
PeekNamedPipe
MultiByteToWideChar
FreeLibrary
LoadLibraryW
WideCharToMultiByte
GetProcAddress
CreateFileW
WriteFile
FindFirstFileW
FindNextFileW
FindClose
SetFileAttributesW
DeleteFileW
RemoveDirectoryW
CreateDirectoryW
CopyFileW
GetDriveTypeW
GetFileAttributesW
GetLocalTime
SetFilePointer
HeapReAlloc
user32
ShowWindow
FindWindowExW
SendMessageW
PostMessageW
EnumWindows
GetWindowTextW
GetClassNameW
advapi32
RegCreateKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
oleaut32
SysAllocString
shell32
ShellExecuteW
ShellExecuteExW
wsock32
closesocket
WSACleanup
WSAStartup
socket
inet_addr
gethostbyname
htons
connect
ioctlsocket
recv
send
sendto
recvfrom
WSAGetLastError
winmm
timeBeginPeriod
timeEndPeriod
ole32
CoInitialize
CoCreateInstance
CoUninitialize
Sections
.code Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.text Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 304B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 966KB - Virtual size: 965KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE