Static task
static1
Behavioral task
behavioral1
Sample
0b31dc8d9eeaa4a6803873a6c1380c72.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
0b31dc8d9eeaa4a6803873a6c1380c72.exe
Resource
win10v2004-20240221-en
General
Target
0b31dc8d9eeaa4a6803873a6c1380c72.exe
Size
211KB
MD5
0b31dc8d9eeaa4a6803873a6c1380c72
SHA1
89a3961bb7b5e29ce53cfc9bb64daa216259a85e
SHA256
7c94ffaf6d76f18ce6bfc6039f9252a4b71d79e483d822aeab0de9b3189b6d0e
SHA512
7c00f36554dfb6b611227255da75b92bb2200ceadcf92f71fd280cad4c55ee64ed588338b4ed73b110cbf054ea4774c71abc2a66220a65549e04b642404fd26d
SSDEEP
3072:gyJtJkIZYF/TgVdkyrp90TvT5A70CutWTFlEz/BVwNMtyMz7:gyDahrgVdjrpc5EJkQMz
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 0b31dc8d9eeaa4a6803873a6c1380c72.exe
Files
0b31dc8d9eeaa4a6803873a6c1380c72.exe.exe windows:5 windows x86 arch:x86
31ecd6687d76b6ffcffcaad60df2b1c6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SystemTimeToTzSpecificLocalTime
HeapAlloc
SystemTimeToFileTime
SetEvent
FreeEnvironmentStringsA
GetTickCount
CreateNamedPipeW
GetConsoleAliasesA
GetConsoleAliasesLengthA
LoadLibraryW
AssignProcessToJobObject
ReplaceFileW
FlushFileBuffers
CreateDirectoryA
GetCurrentDirectoryW
WriteConsoleOutputCharacterA
lstrcmpiA
GetProcAddress
LoadLibraryA
GetProcessWorkingSetSize
LocalAlloc
AddAtomW
EnumDateFormatsA
EraseTape
FreeEnvironmentStringsW
VirtualProtect
CompareStringA
FatalAppExitA
EnumSystemLocalesA
GetLocaleInfoA
SetLastError
GetComputerNameA
GetUserDefaultLCID
CreateFileW
GetModuleHandleW
ExitProcess
DecodePointer
GetCommandLineA
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
IsProcessorFeaturePresent
WriteFile
GetStdHandle
GetModuleFileNameW
HeapCreate
HeapDestroy
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLastError
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
GetLocaleInfoW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
GetModuleFileNameA
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
RaiseException
HeapFree
Sleep
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
RtlUnwind
HeapReAlloc
LCMapStringW
MultiByteToWideChar
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetFilePointer
CloseHandle
WriteConsoleW
SetStdHandle
IsValidLocale
user32
GetClassLongW
advapi32
AccessCheckByType
ole32
CreateDataCache
Sections
.text Size: 155KB - Virtual size: 155KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 39.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.von Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 29KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ