Static task
static1
General
Target: th095.exe
Size: 680KB
MD5: 8de95bc7651419201fc1a4ea49bc0697
SHA1: 83721747012171dd69d442573f8167b856054246
SHA256: bb54f6fc54f0eeffaec416ca9f64aef32b5f59b7427fa5a6579f6538e0eddc07
SHA512: dd121e6f741872e39dd087195eeda60d8565685c98fd5b78f09e53999394283194c43c022516e88013fcd9e6670154383ea20f5687ce270681bf03798b11beaa
SSDEEP: 12288:U/0nv+kqed4foYg12Sam3iNaJDjg6AbFtgKbkN9bQrLMyw+T+hfhS1dBA1XiB:U/0mkqeCtrwNSMMT+hY1Sk
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: th095.exe
Files
th095.exe.exe windows:4 windows x86 arch:x86
392d17758e1e9ad2594e8f8d1376cd2e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
dinput8
DirectInput8Create
dsound
ord11
d3d8
Direct3DCreate8
winmm
midiOutLongMsg
timeEndPeriod
joyGetDevCapsA
midiOutUnprepareHeader
timeKillEvent
timeSetEvent
timeGetDevCaps
midiOutShortMsg
midiOutPrepareHeader
timeGetTime
midiOutReset
midiOutClose
midiOutOpen
timeBeginPeriod
joyGetPosEx
kernel32
GetStringTypeW
GetStringTypeA
GetCPInfo
Sleep
LeaveCriticalSection
EnterCriticalSection
ReadFile
CloseHandle
GetFileSize
CreateFileA
WriteFile
LocalFree
FormatMessageA
GetLastError
GetVersionExA
WaitForSingleObject
ResumeThread
QueryPerformanceCounter
QueryPerformanceFrequency
GetStartupInfoA
GetConsoleTitleA
GetModuleFileNameA
CreateMutexA
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
CreateThread
CreateEventA
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
SetStdHandle
LoadLibraryA
GetProcAddress
GetModuleHandleA
WideCharToMultiByte
GetOEMCP
GetACP
IsBadCodePtr
IsBadReadPtr
InterlockedExchange
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
VirtualQuery
GetSystemInfo
VirtualProtect
GetTimeZoneInformation
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
CompareStringW
HeapCreate
HeapDestroy
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetTickCount
GetCurrentProcessId
CompareStringA
IsProcessorFeaturePresent
FlushFileBuffers
TlsAlloc
HeapSize
HeapReAlloc
GetCurrentProcess
RtlUnwind
HeapFree
HeapAlloc
ExitThread
GetCurrentThreadId
RaiseException
CreateDirectoryA
GetSystemTimeAsFileTime
SetEnvironmentVariableA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetCommandLineA
ExitProcess
TerminateProcess
user32
ShowWindow
GetKeyboardState
SetKeyboardState
MsgWaitForMultipleObjects
PostThreadMessageA
KillTimer
SetTimer
GetWindowLongA
MessageBoxA
GetWindowThreadProcessId
AttachThreadInput
SetActiveWindow
DefWindowProcA
LoadCursorA
RegisterClassA
CreateWindowExA
GetSystemMetrics
SystemParametersInfoA
WINNLSEnableIME
ShowCursor
SetCursor
PeekMessageA
TranslateMessage
DispatchMessageA
GetForegroundWindow
MoveWindow
DestroyWindow
gdi32
TextOutA
SetBkMode
SetTextColor
CreateDIBSection
CreateCompatibleDC
SelectObject
DeleteDC
DeleteObject
CreateFontA
GetStockObject
advapi32
RegCloseKey
RegOpenKeyA
RegQueryValueExA
ole32
CoCreateInstance
CoUninitialize
CoInitialize
Sections
.text Size: 589KB - Virtual size: 588KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata Size: 59KB - Virtual size: 59KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 263KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.data1 Size: 2KB - Virtual size: 2KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 4KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ