Static task: static1
Behavioral task: behavioral1
Sample: 00259fe67bf5cc5395e0f35720e76291530cc9cb7b163177d3f6bda7dab6b034.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 00259fe67bf5cc5395e0f35720e76291530cc9cb7b163177d3f6bda7dab6b034.exe
Resource: win10v2004-20231222-en
General
- Target: 00259fe67bf5cc5395e0f35720e76291530cc9cb7b163177d3f6bda7dab6b034.zip
- Size: 2.4MB
- MD5: 340bb17293ccc0cc802f6de2794ab0cf
- SHA1: 9b404f9123ce92f9e538e2f03f77b6e6cbb32028
- SHA256: 8861f1f45b7d4b2a599c8c17ffeabf084da029ac2b884f698014a2eb30778ba9
- SHA512: 680e85ceff4b9e41ae1f167691b6ea2f5f012153b04fc1a26a6b6c403052698c9d7fd71014d3a7a4f8fc973d965a684d2ebccd921a39741d22fe03adcfaca193
- SSDEEP: 49152:LZA7+DY1eZfVNmixImFrBuyqSpxNoZNv5ZZayBBvs7Q6nh4NR:LZdDY1eBVNm4ImF9uGpxNon5jPGQeiv
Malware Config
Signatures
Files
-
00259fe67bf5cc5395e0f35720e76291530cc9cb7b163177d3f6bda7dab6b034.zip.zip
Password: threatbook
-
00259fe67bf5cc5395e0f35720e76291530cc9cb7b163177d3f6bda7dab6b034.exe windows:5 windows x86 arch:x86
Password: threatbook
f37295a71096ccb7f8bd10df4a9c36a8
Code Sign
Certificate 4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Issuer: OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network
Not Before: 12/05/1997, 00:00
Not After: 07/01/2004, 23:59
Subject: OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network
Certificate 08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Issuer: OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network
Not Before: 28/02/2001, 00:00
Not After: 06/01/2004, 23:59
Subject: CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
Certificate c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Issuer: CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation
Not Before: 10/01/1997, 07:00
Not After: 31/12/2020, 07:00
Subject: CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation
Certificate 61:06:2a:8d:00:00:00:00:00:0b
Issuer: CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 29/03/2001, 21:27
Not After: 29/05/2002, 21:37
Subject: CN=Microsoft Corporation,OU=Copyright (c) 2001 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
Certificate 6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Issuer: CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation
Not Before: 10/12/2000, 08:00
Not After: 12/11/2005, 08:00
Subject: CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign
Signer
Actual PE Digest:
Digest Algorithm:
PE Digest Matches: false
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetModuleHandleA
CreateToolhelp32Snapshot
GetVersionExA
CloseHandle
GetTempPathA
SetErrorMode
CopyFileA
GetModuleFileNameA
GetProcAddress
GetLastError
ReadFile
Thread32Next
CreateProcessA
Sleep
Thread32First
OpenThread
OpenProcess
WriteFile
ExpandEnvironmentStringsA
GetProcessHeap
HeapFree
GetCurrentProcess
Process32First
GetSystemDirectoryA
Module32First
Process32Next
Module32Next
SetFilePointer
GetTickCount
GetFileAttributesA
CreateMutexA
WaitForSingleObject
TerminateThread
ExitThread
GetExitCodeThread
CreateThread
SetThreadContext
TerminateProcess
DuplicateHandle
GetFileTime
SetFileAttributesA
SetFileTime
HeapAlloc
GetModuleHandleW
ExitProcess
GetCommandLineA
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetStdHandle
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
RtlUnwind
SetHandleCount
GetFileType
RaiseException
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
SetEndOfFile
lstrlenA
GetFileSize
CreateFileA
GetComputerNameA
user32
EnumChildWindows
GetForegroundWindow
SendMessageA
GetWindowRect
GetClassNameA
WaitForInputIdle
advapi32
CryptReleaseContext
CryptAcquireContextA
CryptCreateHash
CryptGetHashParam
CryptDestroyHash
CryptHashData
LookupPrivilegeValueA
GetUserNameA
LookupAccountSidA
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
psapi
GetModuleFileNameExA
Sections
.text Size: 87KB - Virtual size: 87KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 729KB - Virtual size: 736KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.EBSS Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ