Static task
static1
General
Target: th095e.exe
Size: 680KB
MD5: 4be881eea5405ac9579a4f741d28be61
SHA1: 62a4b9314e632240bdbce566bf49b3d50bc51b22
SHA256: 350efaf4585e461e8071d9818f48a34d09bb0782932630155eddba68e65d5089
SHA512: 462cd37518a3646cdc6b164a2b386ffcb9d2bb42164ac3788ece7016469add38e5d115dcea7f14698739a3c03e15f6fa91de369ae84afcc9d24916b8ac81ab51
SSDEEP: 12288:U/03v+kqej4foYg12Sam3iNaJDjg6AbFtgKbkN9DQrLMyw+T+hfhS1dnANXiB:U/0WkqestrwNqMMT+hYDuk
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource th095e.exe
Files
th095e.exe.exe windows:4 windows x86 arch:x86
392d17758e1e9ad2594e8f8d1376cd2e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
dinput8
DirectInput8Create
dsound
ord11
d3d8
Direct3DCreate8
winmm
midiOutLongMsg
timeEndPeriod
joyGetDevCapsA
midiOutUnprepareHeader
timeKillEvent
timeSetEvent
timeGetDevCaps
midiOutShortMsg
midiOutPrepareHeader
timeGetTime
midiOutReset
midiOutClose
midiOutOpen
timeBeginPeriod
joyGetPosEx
kernel32
GetStringTypeW
GetStringTypeA
GetCPInfo
Sleep
LeaveCriticalSection
EnterCriticalSection
ReadFile
CloseHandle
GetFileSize
CreateFileA
WriteFile
LocalFree
FormatMessageA
GetLastError
GetVersionExA
WaitForSingleObject
ResumeThread
QueryPerformanceCounter
QueryPerformanceFrequency
GetStartupInfoA
GetConsoleTitleA
GetModuleFileNameA
CreateMutexA
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
CreateThread
CreateEventA
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
SetStdHandle
LoadLibraryA
GetProcAddress
GetModuleHandleA
WideCharToMultiByte
GetOEMCP
GetACP
IsBadCodePtr
IsBadReadPtr
InterlockedExchange
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
VirtualQuery
GetSystemInfo
VirtualProtect
GetTimeZoneInformation
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
CompareStringW
HeapCreate
HeapDestroy
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetTickCount
GetCurrentProcessId
CompareStringA
IsProcessorFeaturePresent
FlushFileBuffers
TlsAlloc
HeapSize
HeapReAlloc
GetCurrentProcess
RtlUnwind
HeapFree
HeapAlloc
ExitThread
GetCurrentThreadId
RaiseException
CreateDirectoryA
GetSystemTimeAsFileTime
SetEnvironmentVariableA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetCommandLineA
ExitProcess
TerminateProcess
user32
ShowWindow
GetKeyboardState
SetKeyboardState
MsgWaitForMultipleObjects
PostThreadMessageA
KillTimer
SetTimer
GetWindowLongA
MessageBoxA
GetWindowThreadProcessId
AttachThreadInput
SetActiveWindow
DefWindowProcA
LoadCursorA
RegisterClassA
CreateWindowExA
GetSystemMetrics
SystemParametersInfoA
WINNLSEnableIME
ShowCursor
SetCursor
PeekMessageA
TranslateMessage
DispatchMessageA
GetForegroundWindow
MoveWindow
DestroyWindow
gdi32
TextOutA
SetBkMode
SetTextColor
CreateDIBSection
CreateCompatibleDC
SelectObject
DeleteDC
DeleteObject
CreateFontA
GetStockObject
advapi32
RegCloseKey
RegOpenKeyA
RegQueryValueExA
ole32
CoCreateInstance
CoUninitialize
CoInitialize
Sections
.text Size: 589KB - Virtual size: 588KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 59KB - Virtual size: 59KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 263KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data1 Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ