Static task
static1
Behavioral task
behavioral1
Sample
f4488ed8da62e7e849070788bcf45eb70f4a2461333918b9b9087f8bbe8d2a22.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
f4488ed8da62e7e849070788bcf45eb70f4a2461333918b9b9087f8bbe8d2a22.exe
Resource
win10v2004-20231215-en
General
-
Target
1f9cf120796b3e008b0230d98d8fe7e2.bin
-
Size
106KB
-
MD5
230a70f3ec480c512b9637a5c9060fb1
-
SHA1
ea16514d2d7dd039523709ff37516a6db5b6792a
-
SHA256
141c7e51ef29d45b95dc91164dff45039c57e645cbb21b230eecb8332d4e0560
-
SHA512
6dbba257ff0032712a1005e5a32c082e9730ce04c758eb138a5593a9b4b3d8656f6d104c8b687d9841419a2f49ffb28dc79c2426eae8e9d1f877e1abfb5bef62
-
SSDEEP
3072:q6sMkY8NgxLdShK6lhkz9Fr4X8/WpWMVmXKArOUBTMLpzYiHySFFlkFv4QIDAsH:h0YM+LdmK6/i4M/WokUBYVzpSmFPQpM
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/f4488ed8da62e7e849070788bcf45eb70f4a2461333918b9b9087f8bbe8d2a22.exe
Files
-
1f9cf120796b3e008b0230d98d8fe7e2.bin.zip
Password: infected
-
f4488ed8da62e7e849070788bcf45eb70f4a2461333918b9b9087f8bbe8d2a22.exe.exe windows:5 windows x86 arch:x86
Password: infected
22f9f2606c25ef8bf6061b93336e819f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetModuleHandleExA
HeapAlloc
MoveFileExW
OpenJobObjectA
InterlockedDecrement
SetDefaultCommConfigW
CreateDirectoryW
FreeEnvironmentStringsA
GetTickCount
CreateNamedPipeW
GetConsoleAliasesLengthA
TzSpecificLocalTimeToSystemTime
GetSystemTimes
LoadLibraryW
GetLocaleInfoW
GetAtomNameW
CompareStringW
FlushFileBuffers
GetConsoleAliasesW
GetStartupInfoA
SetLastError
GetProcAddress
ResetEvent
OpenWaitableTimerA
LoadLibraryA
GetProcessWorkingSetSize
LocalAlloc
DnsHostnameToComputerNameA
SetCurrentDirectoryW
EnumDateFormatsA
FreeEnvironmentStringsW
GetCurrentDirectoryA
EndUpdateResourceA
FileTimeToLocalFileTime
GetVolumeInformationW
EnumSystemLocalesA
GetLocaleInfoA
EncodePointer
DecodePointer
GetCommandLineA
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
HeapCreate
HeapDestroy
Sleep
HeapSize
GetModuleFileNameA
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
GetLastError
GetCurrentThread
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
HeapReAlloc
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapFree
LCMapStringW
MultiByteToWideChar
GetStringTypeW
IsProcessorFeaturePresent
RaiseException
GetUserDefaultLCID
IsValidLocale
user32
GetClassLongW
Sections
.text Size: 137KB - Virtual size: 137KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.xasab Size: 512B - Virtual size: 124B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.xopo Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ