Static task
static1
General
Target
th105.exe
Size
3.0MB
MD5
2ae711a6c92c4addbdbf526bc61d8e59
SHA1
48d56141e04d2c873ece6b34e95984b2451fa0c7
SHA256
56350024879199861579c11b0e1c67b9590e10a8d40cd5996b109deec9afca7e
SHA512
2395afae73b65f1b542ea80df6eb3119c736c8dbe674792970eba88e77fcc93d2612162efdb02cc2f3eb027b4e9fa27d8c45e38cf13bdc787dae34b79d70bf16
SSDEEP
49152:pgVESGDGLSKNZHSTCfwFNNYOtNwyimbJB487ncEvlJptjmY0J2dz+Bf3zS+QJhk2:gEWLx+wscEU3znc0R17ljK
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource th105.exe
Files
th105.exe.exe windows:4 windows x86 arch:x86
0514710e6e9debabc182f2bba10fff5d
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetModuleFileNameA
GetLastError
CreateMutexA
SetCurrentDirectoryA
SetEvent
MoveFileA
CopyFileA
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
CreateDirectoryA
InterlockedCompareExchange
GetStringTypeExA
SetEnvironmentVariableA
WriteFile
GetFileSize
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
GetUserDefaultLCID
SetFilePointer
ReadFile
CreateFileA
WaitForSingleObject
CloseHandle
CreateEventA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
LoadLibraryA
InterlockedExchange
FreeLibrary
GetConsoleMode
GetConsoleCP
SetStdHandle
LCMapStringW
LCMapStringA
MultiByteToWideChar
VirtualAlloc
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetVersionExA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
TryEnterCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalLock
GetPrivateProfileIntA
GetPrivateProfileStringA
GetFileAttributesA
GetCurrentDirectoryA
SetThreadPriority
GetExitCodeThread
CreateThread
ExitProcess
lstrlenA
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetSystemTimeAsFileTime
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoA
HeapReAlloc
GetProcAddress
GetModuleHandleA
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WideCharToMultiByte
GetTimeZoneInformation
Sleep
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
user32
wsprintfA
ReleaseDC
GetWindowRect
ToAscii
CloseClipboard
OpenClipboard
GetClipboardData
DefWindowProcA
DispatchMessageA
PostQuitMessage
TranslateMessage
GetMessageA
ShowCursor
SetRect
SendMessageA
MessageBoxA
UpdateWindow
ShowWindow
CreateWindowExA
RegisterClassExA
LoadCursorA
LoadStringA
GetWindowInfo
SetWindowTextA
PeekMessageA
LoadImageA
GetDC
LoadIconA
GetSystemMetrics
SetWindowPos
GetWindowLongA
gdi32
GetTextMetricsA
DeleteObject
GetStockObject
SelectObject
GetGlyphOutlineA
CreateFontA
ole32
CoInitialize
CoUninitialize
CoCreateInstance
winmm
timeGetTime
timeBeginPeriod
imm32
ImmGetContext
ImmReleaseContext
ImmGetCompositionStringA
ImmSetCandidateWindow
d3dx9_33
D3DXVec2Hermite
D3DXVec2Normalize
D3DXCreateTexture
D3DXCreateEffect
d3d9
Direct3DCreate9
ws2_32
inet_addr
socket
recvfrom
closesocket
sendto
ntohs
htons
shutdown
htonl
gethostbyname
WSAStartup
WSAGetLastError
WSACleanup
bind
Sections
.text Size: 2.7MB - Virtual size: 2.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 152KB - Virtual size: 151KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 84KB - Virtual size: 122KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ