Static task
static1
Behavioral task
behavioral1
Sample
6606b2fb58c71fc555b1fa04a7f42d0f.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
6606b2fb58c71fc555b1fa04a7f42d0f.exe
Resource
win10v2004-20231222-en
General
Target
6606b2fb58c71fc555b1fa04a7f42d0f.bin
Size
863KB
MD5
6606b2fb58c71fc555b1fa04a7f42d0f
SHA1
726b0b468c57353940ad76de98904634ceb7d27b
SHA256
422e3b16e431daa07bae951eed08429a0c4ccf8e37746c733be512f1a5a160a3
SHA512
8b94dd5d2e4c51fc3126ea658b85aca33551da300a96917b320bead2417864e28d39cc0ad97752aa2cfa8f3315ca6cc51ad8086401b9d45fdffe8fbc4a4443fd
SSDEEP
12288:OUgKOIdbSEYJl0IH/Oxls278YOa+HkrpbfWecQYLgtsBkopuu:Zg3aCl0If3KOgr/cVgtikIuu
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 6606b2fb58c71fc555b1fa04a7f42d0f.bin
Files
6606b2fb58c71fc555b1fa04a7f42d0f.bin.exe windows:6 windows x64 arch:x64
bc3ec6bba7396eb821d326e5e5e8ddf0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ws2_32
gethostname
ntohl
htonl
ioctlsocket
listen
accept
sendto
recvfrom
freeaddrinfo
getaddrinfo
WSAIoctl
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
recv
WSASetLastError
select
__WSAFDIsSet
socket
WSAGetLastError
WSACleanup
WSAStartup
wldap32
ord217
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord211
ord46
ord143
crypt32
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertAddCertificateContextToStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
normaliz
IdnToAscii
kernel32
GetFileAttributesExW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
HeapAlloc
HeapFree
GetConsoleCP
HeapReAlloc
GetConsoleMode
SetFilePointerEx
FreeLibraryAndExitThread
ExitThread
CreateThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
GetModuleHandleExW
GetFullPathNameW
SetStdHandle
FlushFileBuffers
GetTimeZoneInformation
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
ReadConsoleW
GetEnvironmentStringsW
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FreeEnvironmentStringsW
FindClose
CreateFileA
CloseHandle
GetSystemInfo
GlobalMemoryStatusEx
WideCharToMultiByte
GetTickCount
LoadLibraryW
GetProcAddress
GetCommandLineW
MultiByteToWideChar
LocalFree
ReadFile
WriteFile
GetModuleFileNameW
SetFilePointer
GetStartupInfoW
GetCurrentDirectoryW
GetLastError
SetLastError
FormatMessageA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SleepEx
VerSetConditionMask
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
LoadLibraryA
VerifyVersionInfoA
QueryPerformanceCounter
WaitForSingleObjectEx
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
PeekNamedPipe
WaitForMultipleObjects
GetFileSizeEx
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
SetEnvironmentVariableW
GetProcessHeap
SetEndOfFile
HeapSize
WriteConsoleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
Sleep
CreateFileW
CompareStringW
DecodePointer
EncodePointer
GetModuleHandleW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
ExitProcess
LoadLibraryExW
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetCurrentThreadId
GetCurrentProcessId
InitializeCriticalSectionAndSpinCount
user32
MessageBoxA
advapi32
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
GetUserNameA
shell32
CommandLineToArgvW
oleaut32
SafeArrayCreate
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayPutElement
SysAllocString
winhttp
WinHttpCloseHandle
WinHttpReceiveResponse
WinHttpOpen
WinHttpReadData
WinHttpOpenRequest
WinHttpQueryDataAvailable
WinHttpSendRequest
WinHttpConnect
WinHttpCrackUrl
Sections
.text Size: 629KB - Virtual size: 629KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 187KB - Virtual size: 187KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 34KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ