Static task: static1
Behavioral task: behavioral1
  Sample: c98d1dfaac6128a6f9a3b163cf700e52.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: c98d1dfaac6128a6f9a3b163cf700e52.exe
  Resource: win10v2004-20240226-en
General
Target: c98d1dfaac6128a6f9a3b163cf700e52
Size: 63KB
MD5: c98d1dfaac6128a6f9a3b163cf700e52
SHA1: d9d42de8e7d6a997f98454c6de79a16736186fe1
SHA256: 987fc2f5cc6e8aa5d9264f69fb1a0b7055f043fcd47f12de44926f1f05615d14
SHA512: c904d28b3fb44c182d155b3310bb2e015eaf63e532f96a1d8df9815098d6044e41e8dbdea0e3a4eee92bb70dd18e02f2f5c09f71bd0c43f0fc9791ca79804c30
SSDEEP: 1536:XmimlpdVPpVzhHExE5EM4ZMv6RG1pBx8ohtkhax6m:WiozhHExE5EIv6oByohtkhax6m
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource c98d1dfaac6128a6f9a3b163cf700e52
Files
c98d1dfaac6128a6f9a3b163cf700e52.exe windows:4 windows x86 arch:x86
daf3be24c1b81cff2b9bf84c50a23929
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
shutdown
inet_ntoa
ntohl
htonl
ioctlsocket
setsockopt
bind
listen
accept
getsockname
inet_addr
gethostbyname
select
WSAStartup
WSACleanup
htons
socket
connect
send
closesocket
recv
user32
CharLowerA
advapi32
GetUserNameA
kernel32
RtlUnwind
GetStartupInfoA
GetFileType
SetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FlushFileBuffers
SetFilePointer
CreateFileA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetEndOfFile
GetStdHandle
CloseHandle
CreateProcessA
ExitThread
ExitProcess
GetTempPathA
lstrcmpiA
Sleep
GetTickCount
GetLastError
OpenMutexA
TerminateThread
WaitForSingleObject
CreateThread
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapAlloc
GetCommandLineA
GetVersion
HeapFree
WriteFile
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
ReadFile
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
Sections
.text Size: 42KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 17KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE