Static task
static1
Behavioral task
behavioral1
Sample
4c9de77875c6750411591295980b8d5d.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
4c9de77875c6750411591295980b8d5d.exe
Resource
win10v2004-20231222-en
General
-
Target
4c9de77875c6750411591295980b8d5d
-
Size
49KB
-
MD5
4c9de77875c6750411591295980b8d5d
-
SHA1
c8fa5c578752d0c3f3426bec7485335dc976747d
-
SHA256
e96cca06c1f06fa1b5a059f0d4d48a5dd95c160a53e3e449242146dfe9cb9fa5
-
SHA512
ff65ba2be64d654124aec9b596705d621f364e0f055216b1303cc08731646849a0c2a75441440c57e61765ca22a11e267f630de6051cd8328dac38d772d59f9d
-
SSDEEP
768:jdNwdkwMcQY1PThB0C7iUSuLB9iao8VFul/UJj:wdkwtThCcSuF9tvFcUJ
Malware Config
Signatures
-
Unsigned PE 1 IoCs
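Static check for a missing Authenticode signature: the PE file is not signed, so its publisher and integrity cannot be verified from the file itself. On its own this is a weak indicator, since many legitimate programs are also unsigned.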
resource 4c9de77875c6750411591295980b8d5d
Files
-
4c9de77875c6750411591295980b8d5d.exe windows:4 windows x86 arch:x86
9d764483a1db51bbdb54162adab29a5a
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
AddAtomA
CloseHandle
CreateFileA
CreateSemaphoreA
ExitProcess
FindAtomA
FindResourceA
FreeLibrary
GetAtomNameA
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
InterlockedDecrement
InterlockedIncrement
LoadResource
LockResource
ReleaseSemaphore
SetLastError
SetUnhandledExceptionFilter
SizeofResource
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualProtect
VirtualQuery
WaitForSingleObject
WriteFile
msvcrt
_write
__getmainargs
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_iob
_onexit
_setmode
abort
atexit
atoi
free
getenv
malloc
memchr
memcpy
memmove
signal
strcmp
strerror
shell32
ShellExecuteA
Sections
.text Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 36B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 18KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 108B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE