Static task
static1
Behavioral task
behavioral1
Sample
6f1f130741c10e884ac91387ba6f1671.exe
Resource
win7-20231215-en
General
Target
6f1f130741c10e884ac91387ba6f1671
Size
4.4MB
MD5
6f1f130741c10e884ac91387ba6f1671
SHA1
b4e14fc860ef82a4c2090949cd10402916320b99
SHA256
4dcc466c7b711acae584e6305f8b5d16f95b443cb719f00de89dfb6e5b32cf03
SHA512
f8c18b1dee51f03747d14b0d96e584eb50f51af4df20e70a35c4b8b9630b771b9465e8bedbfce431d296c5e4bef97668c70c233ad18e6fedbe3fa90ded2e948a
SSDEEP
98304:s4qEFg15nW5y1E5/VCPB7hW28XjbS/UvVw79jx7Q5vQ:Dcqy1E5/VCPthpUdg95iQ
Malware Config
Signatures
Files
6f1f130741c10e884ac91387ba6f1671.exe windows:5 windows x86 arch:x86
eb816bdcb34642ae497d2f004d3c6914
Code Sign
97:d9:a7:20:ef:28:fc:f5:6f:fa:63:b3:e2:46:7d:cb
Certificate
Issuer
POSTALCODE=10124
Not Before
17/08/2021, 22:58
Not After
17/08/2022, 22:58
Subject
POSTALCODE=10124
94:b0:10:a9:97:fe:bb:c3:a4:4a:e3:df:90:38:78:70:14:ae:94:d9:31:d9:d1:03:0a:aa:59:72:d0:00:2b:96
Signer
Actual PE Digest
94:b0:10:a9:97:fe:bb:c3:a4:4a:e3:df:90:38:78:70:14:ae:94:d9:31:d9:d1:03:0a:aa:59:72:d0:00:2b:96
Digest Algorithm
sha256
PE Digest Matches
true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrlenA
EnumDateFormatsExW
WriteConsoleOutputW
InterlockedIncrement
GetConsoleAliasA
InterlockedDecrement
WritePrivateProfileSectionA
GetSystemWindowsDirectoryW
GetEnvironmentStringsW
GetUserDefaultLCID
WriteConsoleInputA
SetEvent
GetConsoleAliasesLengthA
GetConsoleTitleA
CreateActCtxW
InitializeCriticalSection
GetConsoleCP
GlobalAlloc
DnsHostnameToComputerNameW
lstrcpynW
SetConsoleCursorPosition
GetFileAttributesW
HeapQueryInformation
IsBadWritePtr
GetCompressedFileSizeA
GetSystemDirectoryA
CreateFileW
lstrcatA
GetACP
GetVolumePathNameA
FlushFileBuffers
VerifyVersionInfoW
InterlockedExchange
GetLastError
GetProcAddress
PeekConsoleInputW
CreateTimerQueueTimer
LocalLock
GetConsoleDisplayMode
EnterCriticalSection
SetTimerQueueTimer
GetLocalTime
WriteConsoleA
DeleteTimerQueue
CreateTapePartition
BeginUpdateResourceA
GlobalGetAtomNameW
WaitForMultipleObjects
SetEnvironmentVariableA
GetModuleFileNameA
GetModuleHandleA
FindFirstVolumeA
EndUpdateResourceA
ReadConsoleInputW
GetCurrentProcessId
AreFileApisANSI
LCMapStringW
FillConsoleOutputCharacterA
GetComputerNameA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapReAlloc
HeapAlloc
GetModuleHandleW
Sleep
ExitProcess
GetCommandLineA
GetStartupInfoA
WriteFile
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
DeleteCriticalSection
LeaveCriticalSection
HeapCreate
VirtualFree
HeapFree
VirtualAlloc
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
LoadLibraryA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
RaiseException
GetCPInfo
GetOEMCP
IsValidCodePage
RtlUnwind
HeapSize
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
user32
RealGetWindowClassA
advapi32
AdjustTokenGroups
Exports
@GetAnotherVice@12
@SetFirstEverVice@4
Sections
.text Size: 4.3MB - Virtual size: 4.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 15KB - Virtual size: 40.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 83KB - Virtual size: 82KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ