Static task: static1
Behavioral task: behavioral1
  Sample: file.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: file.exe
  Resource: win10v2004-20231215-en
General
Target: file.exe
Size: 2.6MB
MD5: b69036a695b48549380a64c8df3a00f1
SHA1: 1f70d2f6e9b3172291fba309d60adea856af6be0
SHA256: e5c80844063be3cea01fa549f22c23723909ce5e596e2f9001b8c37099657210
SHA512: 4d5c763842c556eca464cb6aceb3cb6b68ed16794f159c06f28873f32580ee977cef9e9697b92b2f3b1c1d72592f03460b53964ff5d2593a05b7f6a7aafd9cf3
SSDEEP: 49152:9xVm0KsjOgkwuEfD9GqLToTy1No2IiXwKYIBEe6k:J1S0TooVXXxqBk
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
Processes: resource file.exe
Files
file.exe.exe windows:6 windows x64 arch:x64
bc693d65c403eb6efe07b6ce35345618
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
ReleaseMutex
WaitForSingleObject
CreateMutexW
CreateEventW
CancelWaitableTimer
GetProcessTimes
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetThreadPriorityBoost
GetThreadPriority
GetProcessVersion
SetPriorityClass
GetPriorityClass
GetProcessId
GetThreadContext
FlushInstructionCache
GetThreadTimes
OpenProcess
GetProcessHandleCount
GetProcessPriorityBoost
SetProcessPriorityBoost
GetThreadIOPendingFlag
GetVersion
GetVersionExW
GetNativeSystemInfo
SetSystemTimeAdjustment
CreateFileMappingW
FlushViewOfFile
SetProcessWorkingSetSize
GetWriteWatch
ResetWriteWatch
CreateMemoryResourceNotification
IsProcessInJob
AssignProcessToJobObject
SetInformationJobObject
IsWow64Process
DisableThreadLibraryCalls
FreeResource
GetModuleFileNameA
GetModuleFileNameW
LockResource
GlobalUnlock
GlobalCompact
GlobalUnfix
GlobalUnWire
LocalUnlock
LocalShrink
LocalCompact
GetProcessAffinityMask
GetProcessIoCounters
ConvertFiberToThread
CreateFiberEx
CreateFiber
ConvertThreadToFiber
PulseEvent
GlobalDeleteAtom
InitAtomTable
DeleteAtom
SetHandleCount
SetMessageWaitingIndicator
ClearCommBreak
ClearCommError
EscapeCommFunction
GetCommMask
GetCommModemStatus
GetCommTimeouts
TransmitCommChar
PrepareTape
EraseTape
GetStdHandle
GetTapeStatus
MulDiv
SetFilePointer
SetMailslotInfo
AddAtomW
GetNamedPipeHandleStateA
MapUserPhysicalPagesScatter
PostQueuedCompletionStatus
CloseHandle
GetConsoleMode
GetConsoleOutputCP
HeapReAlloc
HeapSize
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindClose
HeapFree
HeapAlloc
GetModuleHandleExW
WriteFile
RtlPcToFileHeader
RaiseException
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
RtlUnwindEx
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SetEndOfFile
LockFileEx
LockFile
GetFileTime
GetFileType
GetFileSize
GetFileInformationByHandle
GetFileAttributesExW
FlushFileBuffers
FindNextChangeNotification
FindFirstFileExW
GetProcAddress
GetModuleHandleW
LocalHandle
GlobalHandle
GlobalFlags
LocalSize
CreateIoCompletionPort
GetProcessHeap
GetNamedPipeHandleStateW
GetNamedPipeInfo
PeekNamedPipe
DisconnectNamedPipe
SetLastError
GetLastError
SetHandleInformation
DecodeSystemPointer
EncodeSystemPointer
DecodePointer
EncodePointer
AreFileApisANSI
UnlockFileEx
UnlockFile
SetFileValidData
WriteConsoleW
SetFilePointerEx
CreateFileW
GetMailslotInfo
SetStdHandle
GlobalSize
ExitProcess
CreateTapePartition
Sleep
user32
ChildWindowFromPoint
GetCursorPos
EnableWindow
CreateDialogParamW
DefDlgProcA
SetFocus
InvalidateRect
MessageBoxA
CharLowerBuffA
GetSystemMenu
GetMessageA
CheckMenuRadioItem
DispatchMessageA
GetWindowRect
GetMenu
LoadCursorA
DestroyWindow
InsertMenuItemA
FindWindowA
SetDlgItemInt
EnableMenuItem
GetSysColorBrush
PostQuitMessage
CheckDlgButton
KillTimer
UnregisterClassA
GetDlgItem
GetClientRect
CheckMenuItem
RemoveMenu
AppendMenuA
CharUpperA
LoadIconA
CreateDialogParamA
SetCursor
SetClipboardData
SendMessageA
SetDlgItemTextA
GetClassInfoA
SendDlgItemMessageA
GetClipboardData
TranslateMessage
SetWindowTextA
DestroyMenu
RegisterClassA
IsDlgButtonChecked
EnumClipboardFormats
MoveWindow
GetSysColor
wvsprintfA
SetWindowPlacement
GetWindowLongA
LoadAcceleratorsA
GetWindowTextA
EmptyClipboard
DestroyAcceleratorTable
CallWindowProcA
CloseClipboard
ClientToScreen
SetWindowLongA
IsMenu
SetMenuItemInfoA
IsDialogMessageA
DestroyIcon
RedrawWindow
SetTimer
GetDlgItemTextA
TranslateAcceleratorA
OpenClipboard
IsWindow
GetActiveWindow
GetSubMenu
wsprintfA
TrackPopupMenu
DestroyCursor
GetWindowPlacement
DialogBoxParamA
CreatePopupMenu
GetSystemMetrics
EndDialog
PostMessageA
SetActiveWindow
CheckRadioButton
SetWindowPos
gdi32
GdiGetBatchLimit
GetKerningPairsW
GetMiterLimit
GetEnhMetaFileW
StretchBlt
GetFontLanguageInfo
GetPaletteEntries
GetGraphicsMode
CreateDIBPatternBrushPt
CreateBrushIndirect
AnimatePalette
GetObjectA
DeleteObject
CreateFontIndirectA
SetBkMode
SetTextColor
GetStockObject
SelectObject
comdlg32
GetOpenFileNameA
GetSaveFileNameA
advapi32
RegSetValueA
AdjustTokenPrivileges
RegCreateKeyA
RegDeleteKeyA
RegQueryValueExA
LookupPrivilegeValueA
GetUserNameA
OpenProcessToken
RegOpenKeyExA
RegCloseKey
shell32
ord716
ord176
ord75
ord88
SHGetPathFromIDListW
ord155
FindExecutableW
ExtractAssociatedIconW
Shell_NotifyIconW
ole32
OleDoAutoConvert
OleRegGetMiscStatus
IsAccelerator
CoMarshalHresult
CoAllowSetForegroundWindow
CoImpersonateClient
CoGetStdMarshalEx
MonikerRelativePathTo
dxgi
CreateDXGIFactory
comctl32
ord413
ImageList_Create
ImageList_Remove
CreateToolbarEx
ImageList_Destroy
InitCommonControlsEx
ImageList_SetBkColor
ImageList_ReplaceIcon
ord15
Sections
.text Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 226KB - Virtual size: 225KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 238KB - Virtual size: 251KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 500B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ