Static task: static1
Behavioral task: behavioral1
Sample: 6fcc97908fb956b7b7e5fa929c41378e.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 6fcc97908fb956b7b7e5fa929c41378e.exe
Resource: win10v2004-20231222-en
General
Target: 6fcc97908fb956b7b7e5fa929c41378e
Size: 145KB
MD5: 6fcc97908fb956b7b7e5fa929c41378e
SHA1: 333e226821057f9af99faef68c51b41e886ef210
SHA256: 60b5635685dfb5c2415ca5b5ae9d326e5ca1119003d5ce3c4d512c8b2a130d28
SHA512: 72de9d69fbf9334444c34a687014fb7fc8dc3cf2b55f996ee36dc23dc66275b9839764e5f217a1fca3cab15080fb144008b4505b34fe3ffc60308e456119a3e2
SSDEEP: 3072:Qlg2X/T8dZ0APjHk9iuiYyt0fD/dxC4r8ZnuypUGJrfJdz0SOR:F2EyCA9ixYb1ecypUGJrfJd8
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 6fcc97908fb956b7b7e5fa929c41378e
Files
6fcc97908fb956b7b7e5fa929c41378e.exe windows:4 windows x86 arch:x86
a26af2a2a5ba2c8e4a046a233ab62f53
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
rpcrt4
RpcBindingFromStringBindingA
RpcStringBindingComposeA
RpcBindingSetAuthInfoA
NdrClientCall
RpcStringFreeA
user32
SetTimer
PostThreadMessageA
CharNextA
PeekMessageA
GetMessageA
KillTimer
CharUpperA
LoadStringA
kernel32
ClearCommBreak
GetStartupInfoA
ReleaseMutex
CreateProcessW
ClearCommBreak
ExitProcess
EnumResourceNamesW
QueryPerformanceCounter
GetExitCodeProcess
ExitProcess
CreateMutexA
CreateFileMappingA
MapViewOfFile
Sections
.text Size: 101KB - Virtual size: 101KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 828B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rscr Size: 512B - Virtual size: 100KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ