Static task
static1
Behavioral task
behavioral1
Sample
d374d9dc642a12cae3d2064387602f4d.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
d374d9dc642a12cae3d2064387602f4d.exe
Resource
win10v2004-20240226-en
General
Target
d374d9dc642a12cae3d2064387602f4d
Size
92KB
MD5
d374d9dc642a12cae3d2064387602f4d
SHA1
d6ff2ba3b0b3692fbc8b162803385faa3017697b
SHA256
cab8ce421945f2c873ce369bbfb3160df0e19fa2f8b0da00f6541c22ca3b4dde
SHA512
5703f6c821f333d7d7ce9750b11f4c1980579a31b927e06ea55b786807b737c8374461cb9576ac84ae22c721db39f63304da7876b7b9c03907e38fcba0755688
SSDEEP
1536:TeX37eGmdzednUiZW0k1mz6xS9oQZOyX2TE4Vhcmvwc:TeX37edix9Zwmh9row2Y4Vhcmwc
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d374d9dc642a12cae3d2064387602f4d
Files
d374d9dc642a12cae3d2064387602f4d.exe windows:4 windows x86 arch:x86
25b766bfd8417498f5b6d1a2c945acbe
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetProcAddress
SetLastError
SetConsoleTextAttribute
GetConsoleAliasExesA
GetProfileSectionA
ResetWriteWatch
IsBadWritePtr
QueryInformationJobObject
GetCommandLineA
GetUserDefaultLangID
SetConsoleMode
IsBadCodePtr
FillConsoleOutputAttribute
CreateJobObjectA
EnterCriticalSection
GetCommandLineA
GetStartupInfoA
ExitProcess
ntdll
RtlZeroHeap
vsprintf
NtLockFile
strstr
NtReplaceKey
Sections
.rdata Size: 4KB - Virtual size: 92KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.adata Size: 76KB - Virtual size: 76KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
weijunli Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ