Static task
static1
Behavioral task
behavioral1
Sample
0995f71c34f613207bc39ed4fcc1bbbee396a543fa1739656f7ddf70419309fc.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
0995f71c34f613207bc39ed4fcc1bbbee396a543fa1739656f7ddf70419309fc.exe
Resource
win10v2004-20231222-en
General
-
Target
0995f71c34f613207bc39ed4fcc1bbbee396a543fa1739656f7ddf70419309fc
-
Size
320KB
-
MD5
4b3a70e412a7a18a4dba277251e85bcf
-
SHA1
7de6ce74303fdebfb21a518f28aa5c3b6b3a6c0d
-
SHA256
0995f71c34f613207bc39ed4fcc1bbbee396a543fa1739656f7ddf70419309fc
-
SHA512
b3831f5a47ce4ba9c7c636607238260c546ce6324f39966b65183dc16ef01d8ceb99a61a65f892fdcfd992f4cd0fd9eb9f6ee93581764b23fe93247ac4aca795
-
SSDEEP
6144:yeulwBh/IezfTe624N1YX0tbiC/imtDPqEV11Dd6IGLIYym:yeulwjIezfGoa4x1iI
Malware Config
Signatures
-
Unsigned PE 1 IoC
Checks for missing Authenticode signature: the file carries no embedded Authenticode signature. On its own this is a weak indicator — many legitimate executables are unsigned, and Windows system binaries are normally catalog-signed rather than embedded-signed, so they trigger this check too. Corroborate with the hashes, the import profile and the behavioral results before treating it as malicious.
resource 0995f71c34f613207bc39ed4fcc1bbbee396a543fa1739656f7ddf70419309fc
Files
-
0995f71c34f613207bc39ed4fcc1bbbee396a543fa1739656f7ddf70419309fc.exe windows:6 windows x64 arch:x64
99f403a8d271c481e1abdb2a65909791
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports (note the privileged service-host profile: rpcrt4 RPC-server registration and client impersonation, sspicli LogonUserExExW, and ntdll NtLoadDriver/NtUnloadDriver, NtShutdownSystem, NtInitializeRegistry and RtlSetProcessIsCritical — capabilities expected of a system service manager, so compare the hashes above against the known-good Windows binary before concluding)
msvcrt
_cexit
_exit
_XcptFilter
__C_specific_handler
_initterm
_amsg_exit
__setusermatherr
exit
_fmode
__set_app_type
?terminate@@YAXXZ
_commode
memset
memcpy
_ltow
wcscspn
__getmainargs
_ltow_s
wcschr
_wcslwr
_ultow_s
time
wcsrchr
_vsnwprintf
_wcsnicmp
wcstoul
wcsstr
_wcsicmp
_wtol
wcsncmp
_ultow
rpcrt4
UuidCreate
UuidCreateNil
UuidEqual
RpcServerUnsubscribeForNotification
RpcServerSubscribeForNotification
RpcBindingVectorFree
RpcServerRegisterAuthInfoW
RpcServerInqDefaultPrincNameW
RpcEpRegisterW
RpcStringFreeW
RpcStringBindingParseW
RpcBindingToStringBindingW
RpcServerInqBindings
RpcServerUseProtseqW
RpcServerUseProtseqEpW
I_RpcMapWin32Status
RpcServerInqCallAttributesW
RpcAsyncCompleteCall
RpcRevertToSelf
RpcImpersonateClient
RpcServerInqBindingHandle
I_RpcBindingInqLocalClientPID
I_RpcSessionStrictContextHandle
I_RpcBindingIsClientLocal
NdrServerCall2
NdrAsyncServerCall
UuidFromStringW
RpcBindingFree
RpcServerInqCallAttributesA
RpcServerRegisterIfEx
RpcAsyncAbortCall
sspicli
LogonUserExExW
ntdll
RtlLengthSid
EtwTraceMessage
NtTraceControl
RtlSetLastWin32Error
EtwGetTraceLoggerHandle
RtlInitializeCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtOpenThread
NtQueueApcThread
RtlQueueApcWow64Thread
EvtIntReportEventAndSourceAsync
EtwEventWrite
EtwEventRegister
RtlUnhandledExceptionFilter
RtlFreeHeap
NtSetEvent
NtSetInformationProcess
NtOpenProcessToken
RtlSetProcessIsCritical
NtQueryInformationFile
NtSetInformationFile
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
NtWaitForSingleObject
NtQueryDirectoryFile
NtDeleteFile
RtlCopyUnicodeString
NtFilterToken
NtQueryInformationToken
NtSetInformationThread
NtAdjustPrivilegesToken
NtDuplicateToken
NtAccessCheckAndAuditAlarm
NtAccessCheck
NtPrivilegeObjectAuditAlarm
NtPrivilegeCheck
RtlMapGenericMask
RtlSetSecurityObject
NtOpenThreadToken
RtlValidRelativeSecurityDescriptor
RtlQuerySecurityObject
RtlSubAuthoritySid
WinSqmAddToStream
RtlSetControlSecurityDescriptor
NtDeleteKey
NtEnumerateKey
NtDeleteValueKey
NtSetValueKey
NtQueryValueKey
NtOpenKey
NtCreateKey
RtlLengthSecurityDescriptor
RtlValidSecurityDescriptor
RtlSetEnvironmentVariable
RtlConvertExclusiveToShared
RtlConvertSharedToExclusive
RtlCreateServiceSid
RtlRegisterWait
RtlEqualUnicodeString
RtlGetNtProductType
RtlCopySid
NtUnloadDriver
RtlCompareUnicodeString
NtQueryDirectoryObject
NtOpenDirectoryObject
NtLoadDriver
DbgPrintEx
RtlAdjustPrivilege
RtlExpandEnvironmentStrings_U
RtlInitializeSRWLock
NtOpenFile
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U
RtlReleaseSRWLockShared
NtDeleteObjectAuditAlarm
RtlAcquireSRWLockShared
NtFlushKey
RtlAreAllAccessesGranted
NtCloseObjectAuditAlarm
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlDeregisterWait
RtlAcquireResourceShared
RtlInitializeResource
RtlQueueWorkItem
RtlDeleteSecurityObject
RtlReleaseResource
RtlAcquireResourceExclusive
RtlCopyLuid
NtQueryKey
NtShutdownSystem
NtInitializeRegistry
NtSetSystemEnvironmentValue
RtlInitUnicodeString
NtClose
RtlNtStatusToDosError
NtQuerySystemInformation
RtlNtStatusToDosErrorNoTeb
RtlLengthRequiredSid
RtlAddAce
RtlCreateAcl
RtlSetDaclSecurityDescriptor
RtlNewSecurityObject
RtlSetGroupSecurityDescriptor
RtlSetSaclSecurityDescriptor
RtlAllocateHeap
RtlInitializeSid
RtlSubAuthorityCountSid
RtlCreateSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlUnicodeStringToAnsiString
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
RtlUnicodeStringToInteger
profapi
ord101
ord102
ord105
ord106
api-ms-win-security-lsalookup-l1-1-0
LsaLookupTranslateSids
LsaLookupFreeMemory
LsaLookupClose
LsaLookupManageSidNameMapping
LsaLookupGetDomainInfo
LsaLookupTranslateNames
LsaLookupOpenLocalPolicy
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertSidToStringSidW
cryptbase
SystemFunction029
SystemFunction005
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetLastError
SetUnhandledExceptionFilter
SetErrorMode
UnhandledExceptionFilter
api-ms-win-core-file-l1-1-0
SetFileInformationByHandle
CreateDirectoryW
FindFirstFileW
CreateFileW
FindClose
FindNextFileW
api-ms-win-core-handle-l1-1-0
DuplicateHandle
CloseHandle
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
HeapCreate
HeapSetInformation
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-libraryloader-l1-1-0
GetModuleHandleW
GetProcAddress
LoadLibraryExW
FreeLibrary
LoadStringW
api-ms-win-core-localregistry-l1-1-0
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegNotifyChangeKeyValue
RegSetKeySecurity
RegGetKeySecurity
RegLoadMUIStringW
RegCreateKeyExW
RegSetValueExW
api-ms-win-core-misc-l1-1-0
LocalAlloc
LocalFree
Sleep
IsWow64Process
lstrlenW
api-ms-win-core-processenvironment-l1-1-0
GetEnvironmentVariableW
ExpandEnvironmentStringsW
api-ms-win-core-processthreads-l1-1-0
CreateThread
CreateProcessW
TerminateProcess
GetCurrentThreadId
GetProcessId
OpenThreadToken
GetCurrentThread
GetCurrentProcess
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateProcessAsUserW
ResumeThread
OpenProcessToken
GetCurrentProcessId
SetProcessShutdownParameters
ExitThread
SetThreadPriority
GetProcessTimes
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-string-l1-1-0
CompareStringW
api-ms-win-core-synch-l1-1-0
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
SetEvent
CreateEventW
WaitForMultipleObjectsEx
ResetEvent
OpenEventW
OpenProcess
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetComputerNameExW
GetVersionExW
GetSystemTime
api-ms-win-security-base-l1-1-0
GetSecurityDescriptorDacl
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
EqualSid
AdjustTokenPrivileges
RevertToSelf
ImpersonateLoggedOnUser
CopySid
GetLengthSid
CheckTokenMembership
GetTokenInformation
InitializeAcl
AddAce
SetSecurityDescriptorDacl
AllocateLocallyUniqueId
AllocateAndInitializeSid
FreeSid
GetKernelObjectSecurity
SetKernelObjectSecurity
AddAccessAllowedAce
SetTokenInformation
Sections
.text Size: 243KB - Virtual size: 242KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 544B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ