Static task: static1
Behavioral task: behavioral1
Sample: e33ca91582395e391a544b2b92686a42ac6d2c799542e1adcb1c7f5fa22d77f7.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: e33ca91582395e391a544b2b92686a42ac6d2c799542e1adcb1c7f5fa22d77f7.exe
Resource: win10v2004-20231222-en
General
Target: e33ca91582395e391a544b2b92686a42ac6d2c799542e1adcb1c7f5fa22d77f7
Size: 10.0MB
MD5: 79a516ad1b3a5a483333f2e7a98a32d2
SHA1: 95bcf0a6418f9f840195dbb04566b976cbea45fa
SHA256: e33ca91582395e391a544b2b92686a42ac6d2c799542e1adcb1c7f5fa22d77f7
SHA512: 24883347618b6445f4ce486f26fb1733deb250b8d74f1ae9e038ebeb00710befa6f0fec87fd0689da4d5362654b8db5d97f760c1a603500b11969f598a38e7fa
SSDEEP: 196608:R6T7uIbiXD8hlE+GmQLX7LraI8wgTrfR5Vv2zrrXMybeGNKtJVBhEqF4KO2f8:U77ieEImX7vpgTLRLOrrcyqtJVbEqF4l
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource e33ca91582395e391a544b2b92686a42ac6d2c799542e1adcb1c7f5fa22d77f7
Files
-
e33ca91582395e391a544b2b92686a42ac6d2c799542e1adcb1c7f5fa22d77f7.exe windows:6 windows x86 arch:x86
147090145698aaf3900ff2e470097fb2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
PathCombineW
PathRemoveExtensionW
PathAddBackslashW
PathStripPathW
kernel32
OutputDebugStringA
DecodePointer
GetDiskFreeSpaceW
FindClose
FindNextFileW
GetFileAttributesExW
GetFullPathNameW
DeviceIoControl
LocalFree
FormatMessageW
QueryFullProcessImageNameW
K32EnumProcessModules
K32GetModuleFileNameExW
GetCurrentProcess
GetFileTime
DosDateTimeToFileTime
CreateDirectoryExW
CreateEventW
SetEndOfFile
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
FlushFileBuffers
ReadConsoleW
HeapReAlloc
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetFileType
HeapFree
HeapAlloc
GetStdHandle
ExitProcess
FreeLibraryAndExitThread
ExitThread
CreateThread
SystemTimeToFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetCPInfo
LCMapStringEx
EncodePointer
lstrcpyW
GetStringTypeW
QueryPerformanceFrequency
QueryPerformanceCounter
InitOnceComplete
InitOnceBeginInitialize
GetExitCodeThread
WaitForSingleObjectEx
IsProcessorFeaturePresent
GetModuleHandleExW
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
WriteFile
SetFileTime
SetFilePointer
LocalFileTimeToFileTime
GetFileAttributesW
CreateDirectoryW
GlobalLock
GlobalUnlock
GlobalAlloc
GetCurrentProcessId
OutputDebugStringW
MulDiv
GetACP
FreeLibrary
DeleteTimerQueueTimer
CreateTimerQueueTimer
DeleteCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
lstrlenW
LoadLibraryW
FreeResource
GetTickCount
ReadFile
GetFileSize
CreateFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
InitializeCriticalSectionEx
CreateEventA
GetCommandLineW
Process32NextW
TerminateProcess
OpenProcess
lstrcmpiW
Process32FirstW
CreateToolhelp32Snapshot
GetSystemTimeAsFileTime
GetCurrentThreadId
RaiseException
SizeofResource
LockResource
LoadResource
GetModuleHandleW
lstrcpynW
FindResourceW
GetLastError
WideCharToMultiByte
CreateProcessW
GetProcAddress
CloseHandle
MultiByteToWideChar
WaitForSingleObject
GetModuleFileNameW
WriteConsoleW
FormatMessageA
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetLocalTime
LoadLibraryExW
user32
IsZoomed
CharNextW
SetFocus
GetActiveWindow
GetFocus
GetKeyState
SetCapture
ReleaseCapture
SetTimer
KillTimer
GetDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetClientRect
GetWindowRect
GetCursorPos
ScreenToClient
MapWindowPoints
IntersectRect
IsWindowVisible
OffsetRect
IsRectEmpty
PtInRect
GetWindowLongW
SetWindowLongW
GetParent
GetWindow
MonitorFromWindow
GetMonitorInfoW
SetWindowRgn
MessageBoxW
InflateRect
DefWindowProcW
PostQuitMessage
SetWindowPos
DestroyWindow
CallWindowProcW
RegisterClassW
RegisterClassExW
GetClassInfoExW
ShowWindow
EnableWindow
GetSystemMetrics
SetPropW
GetPropW
LoadCursorW
LoadImageW
IsWindow
CreateWindowExW
SendMessageW
DispatchMessageW
TranslateMessage
GetMessageW
PostMessageW
IsIconic
UnionRect
UpdateLayeredWindow
MapVirtualKeyExW
GetKeyNameTextW
GetKeyboardLayout
SetForegroundWindow
GetGUIThreadInfo
InvalidateRgn
CreateAcceleratorTableW
DrawTextA
wsprintfA
EqualRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
IsWindowEnabled
SystemParametersInfoW
wsprintfW
GetSysColor
ClientToScreen
GetCaretPos
SetCaretPos
ShowCaret
HideCaret
GetCaretBlinkTime
CreateCaret
TrackPopupMenu
AppendMenuW
EnableMenuItem
DestroyMenu
CreatePopupMenu
SetRect
FillRect
DrawTextW
CharPrevW
SetCursor
MonitorFromPoint
GetWindowRgn
MoveWindow
gdi32
SetBitmapBits
GetBitmapBits
FillRgn
GetTextExtentPointA
CreatePatternBrush
GdiFlush
TextOutW
MoveToEx
GetObjectA
SetTextColor
SetStretchBltMode
StretchBlt
SetBkMode
SetBkColor
ExtSelectClipRgn
LineTo
GetTextExtentPoint32W
GetClipBox
GetCharABCWidthsW
CreateSolidBrush
CreateRectRgnIndirect
CreatePenIndirect
CreateCompatibleBitmap
CombineRgn
GetDeviceCaps
CreateDIBSection
PtInRegion
CreateRectRgn
CreateRoundRectRgn
SetWindowOrgEx
GetObjectW
GetTextMetricsW
SelectObject
SaveDC
RestoreDC
Rectangle
RemoveFontMemResourceEx
AddFontMemResourceEx
GetStockObject
DeleteObject
DeleteDC
CreatePen
CreateFontIndirectW
CreateCompatibleDC
BitBlt
SelectClipRgn
advapi32
RegDeleteValueW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyW
RegQueryValueExW
RegDeleteKeyW
RegSetValueExW
shell32
SHChangeNotify
SHGetPathFromIDListW
SHGetSpecialFolderPathW
ShellExecuteW
SHBrowseForFolderW
ole32
CoInitialize
CoCreateGuid
CoUninitialize
CreateStreamOnHGlobal
OleLockRunning
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
oleaut32
VariantClear
VariantInit
SysFreeString
SysAllocString
comctl32
_TrackMouseEvent
ord17
gdiplus
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipDrawImageRectI
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipFillRectangleI
GdipDrawRectangleI
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipSetPenMode
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipFree
imm32
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow
winhttp
WinHttpOpen
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpConnect
WinHttpSetOption
WinHttpSetTimeouts
WinHttpCloseHandle
Sections
.text Size: 671KB - Virtual size: 670KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 182KB - Virtual size: 181KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 17.4MB - Virtual size: 17.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ