Static task: static1
Behavioral task: behavioral1
Sample: bfebb998684b1b35acf076ef3af9eba2.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: bfebb998684b1b35acf076ef3af9eba2.exe
Resource: win10v2004-20231215-en
General
Target: bfebb998684b1b35acf076ef3af9eba2.bin
Size: 781KB
MD5: bfebb998684b1b35acf076ef3af9eba2
SHA1: 3a12b55ba15a79c90242621f2fe6ca6733b63649
SHA256: ac88a65345b247ea3d0cfb4d2fb1e97afd88460463a4fc5ac25d3569aea42597
SHA512: cb05ab7f1a36d88f460fa3550f1c84e97a566a8cb2c35ce5fa508893cf7aa7e45cca1a55e7a319e9dea957232f2f095ace9d289641e81e34dc2776b6e3238dd6
SSDEEP: 12288:HkhSrrBS/XqTqBCZr7JyZqiAmIxK57pvx9TZTvv9r5K01oYRrTY7:EmrBSCma72AI5JTZTvFI01
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: bfebb998684b1b35acf076ef3af9eba2.bin
Files
bfebb998684b1b35acf076ef3af9eba2.bin.exe windows:6 windows x64 arch:x64
ef11d57f5261142ba0a4e4b0cbbdc4ea
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ws2_32
WSAStartup
WSACleanup
WSAGetLastError
socket
__WSAFDIsSet
select
WSASetLastError
ntohl
htonl
ioctlsocket
listen
accept
sendto
recvfrom
freeaddrinfo
getaddrinfo
WSAIoctl
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
recv
gethostname
wldap32
ord143
ord217
ord46
ord211
ord60
ord45
ord50
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
crypt32
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertAddCertificateContextToStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
normaliz
IdnToAscii
kernel32
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
HeapFree
HeapAlloc
GetConsoleCP
HeapReAlloc
GetConsoleMode
ExitProcess
SetFilePointerEx
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFullPathNameW
SetStdHandle
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
ReadConsoleW
SetEnvironmentVariableW
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
VirtualProtect
VirtualFree
VirtualAlloc
GetProcessHeap
UnmapViewOfFile
CloseHandle
LoadLibraryW
GetModuleHandleW
CreateFileMappingW
MapViewOfFile
GetLastError
LocalFree
FindFirstFileW
DeviceIoControl
Sleep
CreateFileA
GetProcAddress
GlobalMemoryStatusEx
GetTickCount
GetCommandLineW
MultiByteToWideChar
ReadFile
WriteFile
GetModuleFileNameW
SetFilePointer
GetCurrentDirectoryW
SetLastError
FormatMessageA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SleepEx
VerSetConditionMask
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
LoadLibraryA
VerifyVersionInfoA
QueryPerformanceCounter
WaitForSingleObjectEx
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
PeekNamedPipe
WaitForMultipleObjects
GetFileSizeEx
WideCharToMultiByte
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
GetFileAttributesExW
SetEndOfFile
GetTimeZoneInformation
HeapSize
WriteConsoleW
InitializeSListHead
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
CreateFileW
RtlUnwind
UnhandledExceptionFilter
RtlVirtualUnwind
GetFileInformationByHandle
GetDriveTypeW
LoadLibraryExW
RaiseException
RtlLookupFunctionEntry
RtlCaptureContext
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
RtlPcToFileHeader
RtlUnwindEx
GetCPInfo
GetStringTypeW
TlsAlloc
advapi32
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
GetUserNameA
RegOpenKeyExW
RegOpenKeyW
shell32
CommandLineToArgvW
oleaut32
SafeArrayAccessData
SysAllocString
SafeArrayCreate
SafeArrayPutElement
SafeArrayUnaccessData
SafeArrayCreateVector
Sections
.text Size: 541KB - Virtual size: 541KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 160KB - Virtual size: 159KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 256B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ