Static task
static1
Behavioral task
behavioral1
Sample
76a2b19bc8d73f17efc3edfc50eea27e.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
76a2b19bc8d73f17efc3edfc50eea27e.exe
Resource
win10v2004-20240226-en
General
-
Target
76a2b19bc8d73f17efc3edfc50eea27e
-
Size
249KB
-
MD5
76a2b19bc8d73f17efc3edfc50eea27e
-
SHA1
997ed19ecccdd37babc6e4c09d581db121c519cb
-
SHA256
9c42bb89102292146087d8cf7435bdb29a703c47eb70e10fccd181d1768cb1d3
-
SHA512
7279722713a7b1727d1b8a768a2c22d99cd6557bb8dd066541073acc6ba64cef59b1ecbc279d74f718eba1a02ac7f3a74cdb3c64a0ed8c86f64655f160d58b89
-
SSDEEP
6144:Wg5fJI8RTsUTUtUMU8U69pK1rTFKwYdy7Lis9yJ0FEUkDAX7Ufu40brpeb:Wg5fJI8RTi9p8FKwYdy7Lis9yXZDAXQF
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 76a2b19bc8d73f17efc3edfc50eea27e
Files
-
76a2b19bc8d73f17efc3edfc50eea27e.exe windows:6 windows x86 arch:x86
6ad66b9e28c0fa16d00c21343b49c9e6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
CreateMutexA
GetCurrentProcess
GetCurrentProcessId
CreateThread
GetExitCodeThread
GetSystemInfo
VirtualProtect
VirtualQuery
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetLastError
LoadLibraryA
GetComputerNameA
GetFileInformationByHandle
ReadFile
SetFilePointer
WriteFile
SetLastError
VirtualAlloc
VirtualFree
UnmapViewOfFile
FreeLibrary
K32GetModuleFileNameExW
K32GetModuleInformation
ExpandEnvironmentStringsW
GetFileAttributesW
ExitProcess
CreateFileW
GetConsoleMode
CloseHandle
GetProcAddress
DecodePointer
GetConsoleOutputCP
FlushFileBuffers
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
GetCurrentThreadId
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
IsDebuggerPresent
OutputDebugStringW
RaiseException
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
InitializeSListHead
RtlUnwind
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
LCMapStringW
GetFileType
SetFilePointerEx
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
WriteConsoleW
shell32
ShellExecuteA
ws2_32
closesocket
sendto
gethostbyname
recv
inet_addr
urlmon
URLDownloadToFileA
Sections
.text Size: 195KB - Virtual size: 194KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 37KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ