Static task
static1
Behavioral task
behavioral1
Sample
7e6d6534a559ab9fd4a1ae068e14481f.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
7e6d6534a559ab9fd4a1ae068e14481f.exe
Resource
win10v2004-20231222-en
General
Target: 7e6d6534a559ab9fd4a1ae068e14481f
Size: 359KB
MD5: 7e6d6534a559ab9fd4a1ae068e14481f
SHA1: b0e7bb131c06df2ed9bacb5922b4ca18099f2f72
SHA256: f491b45d463b6dd3097a33276970da90d2ab65a6dcb6bf41953374bb235cd280
SHA512: 3714eadbc876ca2adb324576fbdc8b62b3774119e77876f89d7126ba3d04aaf968df487ad4f02e1996d8b220922ce3823df11940ee97c38f4ec95d18e7b8194b
SSDEEP: 6144:O/Pdu89ZAIBBCWciLU4xFHU5p6hqFattmIH3tBHRY7ac8HJpFrAMm1LTRRN+gnjT:mdu89ZHhdxFHm6hqFaauxY7aFc51hRU2
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 7e6d6534a559ab9fd4a1ae068e14481f
Files
7e6d6534a559ab9fd4a1ae068e14481f.exe windows:5 windows x86 arch:x86
435b26c1f763a0346270891a81a1b2ae
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
VirtualAlloc
FindFirstFileW
GetComPlusPackageInstallStatus
EscapeCommFunction
SignalObjectAndWait
GetLogicalDriveStringsA
GetConsoleProcessList
FindNextVolumeMountPointA
EnumUILanguagesA
GetVolumeNameForVolumeMountPointW
EnumResourceTypesA
MapUserPhysicalPagesScatter
OpenProcess
GetStartupInfoA
ReleaseActCtx
GetCurrentThread
HeapCreate
MoveFileExW
GetPrivateProfileSectionW
LoadLibraryA
OutputDebugStringA
ExitProcess
GetSystemPowerStatus
GetFileAttributesA
wininet
HttpEndRequestA
InternetWriteFileExW
FtpCreateDirectoryA
InternetOpenA
InternetSetCookieExW
InternetTimeToSystemTimeW
InternetEnumPerSiteCookieDecisionA
InternetGetCookieExW
InternetGetCertByURLA
InternetSetFilePointer
InternetCreateUrlW
InternetCheckConnectionW
GopherCreateLocatorA
UnlockUrlCacheEntryFileA
FtpCreateDirectoryW
wsnmp32
SnmpFreeDescriptor
_SnmpSetAgentAddress@4
SnmpSetPort
SnmpStrToEntity
SnmpSetPduData
SnmpDeleteVb
SnmpStrToOid
SnmpCreatePdu
SnmpStrToContext
SnmpOidToStr
SnmpSetRetransmitMode
SnmpDuplicatePdu
SnmpGetVb
SnmpEncodeMsg
SnmpFreeEntity
SnmpGetPduData
SnmpContextToStr
SnmpGetRetransmitMode
SnmpEntityToStr
SnmpFreePdu
SnmpOpen
SnmpSetTranslateMode
SnmpGetVendorInfo
rasapi32
RasEnumConnectionsW
RasDeleteEntryA
RasEnumAutodialAddressesW
RasSetCredentialsW
RasScriptReceive
RasGetEntryDialParamsW
RasSetEntryPropertiesA
RasEnumEntriesA
RasGetSubEntryPropertiesA
RasGetEapUserIdentityW
RasScriptTerm
RasGetCountryInfoW
RasAutoDialSharedConnection
RasInvokeEapUI
RasGetCustomAuthDataA
RasQueryRedialOnLinkFailure
Sections
.text Size: 347KB - Virtual size: 346KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 336KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 508B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ