Static task
static1
Behavioral task
behavioral1
Sample
f0196fabcccff5e05183c82a3114fa5eac33c1b40674f896d7771809333c1adc.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
f0196fabcccff5e05183c82a3114fa5eac33c1b40674f896d7771809333c1adc.exe
Resource
win10v2004-20231215-en
General
-
Target
f0196fabcccff5e05183c82a3114fa5eac33c1b40674f896d7771809333c1adc
-
Size
883KB
-
MD5
896ab89192864d5fab1ba16bb4ee4cb1
-
SHA1
fafa59c3e7dcfbce89e94b7e888e2209b7e821f4
-
SHA256
f0196fabcccff5e05183c82a3114fa5eac33c1b40674f896d7771809333c1adc
-
SHA512
8c0d00f4387a2867fee6b64853ea519f17353f164be9e7a26b987374eae7197aa4f29366156ee802e22a6242bce04af411e4141c1f8cc8ded65803077649ec06
-
SSDEEP
12288:YBQ+nr+aDfBey1WpEKXHarI3BXml6Bh7L3pGq1pnM6xLVgM9xk9W3hBHGKhJ:RK5eaWeKX6rETRDpJ1VL2M9xk9cyKhJ
Malware Config
Signatures
-
Unsigned PE 1 IoC
Checks for a missing Authenticode signature.
resource f0196fabcccff5e05183c82a3114fa5eac33c1b40674f896d7771809333c1adc
Files
-
f0196fabcccff5e05183c82a3114fa5eac33c1b40674f896d7771809333c1adc.exe windows:6 windows x86 arch:x86
5893d5018845c9f5698f0bc78773afae
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mfc140
ord1443
ord9092
ord3185
ord6502
ord13202
ord13699
ord12501
ord12521
ord13036
ord13230
ord13234
ord13966
ord13619
ord14032
ord8838
ord14029
ord12960
ord14044
ord14040
ord12963
ord5192
ord890
ord1389
ord6774
ord3231
ord3351
ord1403
ord4655
ord8426
ord13883
ord1064
ord1177
ord6831
ord993
ord6323
ord14582
ord6324
ord14583
ord6322
ord14581
ord7964
ord12474
ord14380
ord11927
ord11928
ord2027
ord7905
ord12888
ord4082
ord4143
ord9353
ord4227
ord7886
ord14509
ord12484
ord12485
ord2484
ord10330
ord5336
ord8285
ord4580
ord12806
ord12869
ord10383
ord12190
ord8347
ord1468
ord7618
ord8429
ord2200
ord4869
ord3808
ord3688
ord3686
ord3685
ord4468
ord14421
ord6505
ord10986
ord6464
ord3140
ord4210
ord9083
ord6562
ord3184
ord6996
ord4215
ord8704
ord2989
ord3866
ord14487
ord2751
ord9088
ord5858
ord2165
ord2166
ord2210
ord3796
ord3669
ord3250
ord6806
ord7459
ord12074
ord6193
ord13677
ord2758
ord9167
ord12115
ord1109
ord8997
ord10963
ord11343
ord10421
ord4084
ord458
ord3395
ord3396
ord3159
ord7076
ord14149
ord3689
ord8735
ord2003
ord7475
ord9089
ord1178
ord7855
ord13278
ord5155
ord6946
ord5648
ord5792
ord13584
ord5826
ord13582
ord5814
ord6563
ord3166
ord11850
ord10379
ord11580
ord14243
ord6942
ord4490
ord2560
ord1169
ord4868
ord3179
ord3178
ord3177
ord540
ord1066
ord362
ord13011
ord4640
ord4865
ord6460
ord2241
ord12555
ord1353
ord12581
ord12551
ord1999
ord824
ord1411
ord4661
ord12554
ord2001
ord12620
ord929
ord1447
ord13198
ord974
ord8717
ord1696
ord9087
ord1160
ord3335
ord3170
ord6544
ord2298
ord1106
ord8326
ord8770
ord13025
ord13027
ord12808
ord12894
ord450
ord3946
ord2518
ord6785
ord358
ord6463
ord898
ord6768
ord3874
ord2520
ord6540
ord4607
ord4787
ord1131
ord6523
ord9096
ord12969
ord2860
ord8776
ord14054
ord1470
ord995
ord13028
ord9085
ord1068
ord3864
ord2988
ord8703
ord4213
ord3142
ord6471
ord6104
ord7619
ord6195
ord13681
ord3298
ord3295
ord10207
ord8173
ord2759
ord14699
ord10237
ord10239
ord10238
ord10236
ord10240
ord5631
ord11671
ord11672
ord12032
ord3830
ord3825
ord11881
ord14502
ord8922
ord12163
ord6947
ord10860
ord10950
ord9213
ord3259
ord13798
ord12205
ord12201
ord1717
ord1739
ord1765
ord1751
ord1772
ord4920
ord4987
ord4932
ord4950
ord4944
ord4938
ord4997
ord4981
ord4926
ord5003
ord4958
ord4896
ord4911
ord4972
ord4493
ord5769
ord9647
ord4485
ord3050
ord14510
ord7887
ord14508
ord6848
ord13475
ord11663
ord13628
ord5911
ord7783
ord5398
ord2680
ord12067
ord3933
ord3363
ord3364
ord3258
ord12111
ord4870
ord1000
ord4866
ord1448
ord2005
ord975
ord2204
ord2202
ord3844
ord1471
ord5894
ord12182
ord12191
ord4582
ord8180
ord10384
ord12194
ord12162
ord12870
ord998
ord7406
ord5228
ord5528
ord5739
ord9305
ord5504
ord5742
ord5231
ord5390
ord5210
ord7452
ord7687
ord7688
ord7677
ord5388
ord8182
ord10202
ord9166
ord4725
ord4705
ord2881
ord8140
ord5562
ord1142
ord503
ord12863
ord8718
ord8679
ord4656
ord12706
ord5898
ord305
ord3005
ord14238
ord12503
ord5861
ord5096
ord8322
ord14322
ord2986
ord1526
ord4841
ord3230
ord14571
ord12348
ord14518
ord12291
ord300
ord6724
ord2376
ord2381
ord12195
ord13056
ord12433
ord3012
ord13039
ord12430
ord2892
ord1721
ord1438
ord10700
ord963
ord6801
ord14172
ord9129
ord9225
ord8847
ord10979
ord11257
ord11145
ord2503
ord13054
ord12431
ord2561
ord6909
ord4807
ord1529
ord1044
ord310
ord316
ord1661
ord266
ord265
ord1507
ord5095
ord14507
ord1509
ord1698
ord2407
kernel32
GetNativeSystemInfo
GetModuleFileNameA
LoadResource
SizeofResource
FindResourceA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetVolumeInformationA
SystemTimeToFileTime
lstrcpyA
GetSystemTime
GetPrivateProfileSectionA
GetCurrentDirectoryA
AllocConsole
GetPrivateProfileIntA
GetSystemDefaultLangID
K32GetProcessMemoryInfo
GlobalFree
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcess
WriteFile
DeleteFileA
GetStartupInfoA
LoadLibraryA
lstrlenA
GetProcAddress
FreeLibrary
GetSystemFirmwareTable
CreateProcessA
DeviceIoControl
CreatePipe
ReadFile
CreateFileA
CreateEventA
WaitForSingleObject
SetEvent
CloseHandle
FormatMessageA
LocalFree
Sleep
VirtualFree
VirtualAlloc
GetLocalTime
DeleteCriticalSection
GetLastError
OutputDebugStringW
user32
DrawFocusRect
OffsetRect
PtInRect
MessageBoxA
GetWindowRect
DrawTextExA
GrayStringA
TabbedTextOutA
SetRect
GetWindow
IsIconic
GetSystemMenu
AppendMenuA
DrawIcon
LoadIconW
GetMessagePos
MapWindowPoints
CopyRect
FillRect
ScreenToClient
ReleaseDC
GetDC
UpdateWindow
GetSystemMetrics
ReleaseCapture
GetSysColor
InvalidateRect
DrawTextA
GetClientRect
GetKeyState
GetParent
EnableWindow
PostMessageA
DispatchMessageA
TranslateMessage
KillTimer
SetTimer
PostThreadMessageA
GetCapture
SetCapture
DrawFrameControl
GetFocus
SendMessageA
wsprintfA
gdi32
GetTextMetricsA
TextOutA
RectVisible
PtVisible
Escape
BitBlt
ExtTextOutA
GetTextExtentPoint32A
Rectangle
CreateSolidBrush
CreatePen
CreateCompatibleDC
CreateCompatibleBitmap
CreateRectRgnIndirect
advapi32
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
shell32
SHGetPathFromIDListA
SHBrowseForFolderA
comctl32
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_DragMove
ImageList_DrawEx
ImageList_AddMasked
ImageList_Draw
ImageList_GetImageCount
ImageList_DragShowNolock
ImageList_GetIconSize
ImageList_DragLeave
ImageList_Copy
ole32
CoInitialize
msvcp140
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
ws2_32
accept
bind
closesocket
connect
WSAAddressToStringA
getpeername
getsockname
htons
recv
select
send
socket
gethostbyaddr
gethostbyname
WSAStartup
WSACleanup
WSAGetLastError
htonl
inet_ntoa
ntohs
WSASetLastError
getaddrinfo
freeaddrinfo
setsockopt
listen
iphlpapi
GetAdaptersInfo
vcruntime140
_except_handler4_common
__vcrt_InitializeCriticalSectionEx
strchr
memset
_CxxThrowException
memchr
_purecall
memcpy
__CxxFrameHandler3
strstr
memmove
__std_terminate
api-ms-win-crt-stdio-l1-1-0
_getcwd
freopen
__acrt_iob_func
fwrite
ftell
__stdio_common_vsprintf
fopen
fgets
feof
fseek
__p__commode
fread
__stdio_common_vsprintf_s
__stdio_common_vfprintf
_set_fmode
fclose
fopen_s
api-ms-win-crt-heap-l1-1-0
_set_new_mode
free
malloc
api-ms-win-crt-math-l1-1-0
ceil
_except1
__setusermatherr
api-ms-win-crt-runtime-l1-1-0
_cexit
_crt_atexit
_register_onexit_function
_initterm_e
_exit
_c_exit
terminate
_initialize_onexit_table
_initialize_narrow_environment
_invalid_parameter_noinfo_noreturn
_configure_narrow_argv
_seh_filter_exe
_register_thread_local_exe_atexit_callback
__p___argc
__p___argv
system
_set_app_type
_controlfp_s
_get_narrow_winmain_command_line
exit
_initterm
api-ms-win-crt-string-l1-1-0
isspace
isalnum
isprint
strcpy_s
strnlen
isdigit
_strupr_s
strncpy_s
_strupr
strtok
_stricmp
toupper
tolower
strncmp
api-ms-win-crt-convert-l1-1-0
atoi
strtol
atol
strtoul
atof
api-ms-win-crt-time-l1-1-0
_time64
_gmtime64_s
api-ms-win-crt-filesystem-l1-1-0
_makepath_s
_rmdir
_makepath
_findnext64i32
_splitpath
_chdrive
_chdir
_findfirst64i32
_mkdir
_findclose
api-ms-win-crt-utility-l1-1-0
ldiv
qsort
api-ms-win-crt-locale-l1-1-0
_setmbcp
_configthreadlocale
Sections
.text Size: 211KB - Virtual size: 211KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 51KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.giats Size: 512B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 613KB - Virtual size: 613KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ