Static task
static1
Behavioral task
behavioral1
Sample
7afa252d9518da1ef77e4fb9c466e2e5fce7e01c18a73d1e26cf5b8699a04b99.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
7afa252d9518da1ef77e4fb9c466e2e5fce7e01c18a73d1e26cf5b8699a04b99.exe
Resource
win10v2004-20240226-en
General
Target: 7afa252d9518da1ef77e4fb9c466e2e5fce7e01c18a73d1e26cf5b8699a04b99
Size: 1.6MB
MD5: 2ac70ae8adc910576995ec41fc56d90d
SHA1: 7f35d978d3ad2cc51c63c4f86c91d13c9e3f203b
SHA256: 7afa252d9518da1ef77e4fb9c466e2e5fce7e01c18a73d1e26cf5b8699a04b99
SHA512: f8ca56d9bb8844e9b4c2c3bc4d8661d25649c2e4ace2e4a3371d8aca5d93dddcaca08589cda8667203404744ecbf76f6fde5282507ab41cc07378b33c8d8e389
SSDEEP: 12288:3RQBbI+I2X1DlACfYx2KPTvrmf8+5eC9veMlJHdr9nMQv9cYXqNiOIjQkcu:6B0LVxg5e6veM1XqjNzu
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 7afa252d9518da1ef77e4fb9c466e2e5fce7e01c18a73d1e26cf5b8699a04b99
Files
7afa252d9518da1ef77e4fb9c466e2e5fce7e01c18a73d1e26cf5b8699a04b99.exe windows:4 windows x86 arch:x86
980f1fb90910647a422be6dfcfff3c06
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetFileInformationByHandle
CreateFileA
GetLastError
GetVolumeInformationA
GetDriveTypeA
GetCommandLineA
GetACP
GetVersion
SetHandleCount
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetCurrentProcessId
ExitProcess
TerminateProcess
GetCurrentProcess
HeapAlloc
MultiByteToWideChar
HeapFree
DeleteFileA
GetCurrentDirectoryA
GetFullPathNameA
CreateDirectoryA
HeapReAlloc
GetFileType
WriteFile
GetStdHandle
GetModuleFileNameA
SetFilePointer
SetStdHandle
SetConsoleCtrlHandler
ReadFile
SetEndOfFile
CloseHandle
GetModuleHandleA
RtlUnwind
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCPInfo
GetOEMCP
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
HeapSize
VirtualAlloc
SetEnvironmentVariableW
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
LoadLibraryA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
CompareStringA
CompareStringW
FlushFileBuffers
GetLocaleInfoA
GetLocaleInfoW
RaiseException
GetFileAttributesA
FindFirstFileA
FindNextFileA
GetProcAddress
FindClose
Sleep
GetSystemInfo
GetCurrentThreadId
FileTimeToSystemTime
FileTimeToLocalFileTime
advapi32
OpenServiceA
QueryServiceStatus
GetUserNameA
OpenSCManagerA
user32
GetThreadDesktop
GetProcessWindowStation
GetUserObjectInformationA
ws2_32
send
recv
htons
inet_addr
gethostbyname
closesocket
connect
socket
WSAGetLastError
WSAStartup
WSACleanup
gethostname
Sections
.text Size: 651KB - Virtual size: 651KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 581KB - Virtual size: 160.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 365KB - Virtual size: 365KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
˦�0�u6 Size: 16KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE