Static task
static1
Behavioral task
behavioral1
Sample
a1af30cea306a668c3744f5ce4d69767.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a1af30cea306a668c3744f5ce4d69767.exe
Resource
win10v2004-20240221-en
General
Target
a1af30cea306a668c3744f5ce4d69767
Size
77KB
MD5
a1af30cea306a668c3744f5ce4d69767
SHA1
0fef0088b1c75863d93cd7dd8ae32b0d9c3625b1
SHA256
552d92480be5819218b8113ee39561b91bbde8a5be034a9dfcafaceda64891d2
SHA512
84582a7540d644e383778fa72d76514217cb02e372f8f6d5d435939ad6629714432de23961b8e34e2133b5d06bf70bc0488b358fc8a973868fb7d4641baf7304
SSDEEP
1536:xtquacfNdNTeZVdrQi6OFzvJPDlpw2+X1mHSIRm8OpY8f+DS01Las9CO:xtY8pK1QiRuZXHw6Y8fIx
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a1af30cea306a668c3744f5ce4d69767
Files
a1af30cea306a668c3744f5ce4d69767.exe windows:4 windows x86 arch:x86
1b51904180dbc4099bf824bcb96f9155
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
wininet
GopherFindFirstFileA
GopherOpenFileW
FtpGetFileW
FreeUrlCacheSpaceA
HttpQueryInfoA
user32
DrawIcon
DestroyCaret
FillRect
GetActiveWindow
GetMonitorInfoW
GetShellWindow
advapi32
ReportEventW
RegFlushKey
DecryptFileW
ReadEventLogW
OpenThreadToken
Sections
.text Size: 48KB - Virtual size: 55KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 24KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE