Static task: static1
Behavioral task: behavioral1
Sample: d4ec977cf555ab006c9e44154475d2ea.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: d4ec977cf555ab006c9e44154475d2ea.exe
Resource: win10v2004-20240226-en
General
Target: d4ec977cf555ab006c9e44154475d2ea
Size: 432KB
MD5: d4ec977cf555ab006c9e44154475d2ea
SHA1: 571f89d2b944577cc3423d95cf4d3e820de6a59c
SHA256: 6c021a34ecfc0c7c7746f0bb40748d7f5d700686abd68b5b656634a827b5fb0b
SHA512: d8855b28475fedb327fc74c718b887e40031c442b10e4be2cb0698a24b22eb9ef2775403bd2135286150db9799fc60e846a3405e7b8e486c74aef7451df0b857
SSDEEP: 12288:67ksB82JlII3iMuXlXepDgbejoFtlLohlB532C/kR:UB82JWI3iMuVXe9gicS7mC/
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d4ec977cf555ab006c9e44154475d2ea
Files
d4ec977cf555ab006c9e44154475d2ea.exe windows:4 windows x86 arch:x86
5218af070ee560609b48ebc4ed6f655c
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
CryptAcquireContextA
RegLoadKeyW
RegEnumKeyExA
DuplicateTokenEx
InitiateSystemShutdownA
LookupAccountNameW
RegOpenKeyA
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyW
RegQueryValueA
CreateServiceA
RegEnumValueA
CryptDeriveKey
CryptEncrypt
RegOpenKeyExW
RegReplaceKeyW
RegDeleteKeyA
RegSetValueExW
CryptCreateHash
RegOpenKeyExA
RevertToSelf
RegRestoreKeyA
RegConnectRegistryA
user32
UnloadKeyboardLayout
CreatePopupMenu
GetKeyboardType
DialogBoxParamW
GetInputState
InternalGetWindowText
LookupIconIdFromDirectoryEx
EnumClipboardFormats
GetSubMenu
MessageBoxIndirectA
IsCharUpperA
EditWndProc
CheckDlgButton
DragObject
ScrollWindowEx
GetMenuItemInfoA
ArrangeIconicWindows
GetWindowTextW
DefMDIChildProcW
SetScrollPos
EnumDisplaySettingsW
GetMessageA
SetCaretBlinkTime
comdlg32
PrintDlgA
ReplaceTextA
PageSetupDlgA
ChooseColorW
GetFileTitleW
shell32
InternalExtractIconListA
SHGetSettings
DragQueryFile
DuplicateIcon
InternalExtractIconListW
DragFinish
DoEnvironmentSubstA
SheChangeDirA
ExtractIconEx
FindExecutableW
ExtractAssociatedIconExW
SHBrowseForFolderW
SHGetDiskFreeSpaceA
ShellAboutW
FindExecutableA
SHFreeNameMappings
SHEmptyRecycleBinA
kernel32
GetStringTypeW
GetLocaleInfoW
RtlUnwind
LoadLibraryExA
TerminateProcess
SetUnhandledExceptionFilter
ReadConsoleInputW
ConnectNamedPipe
LeaveCriticalSection
SetHandleCount
IsValidLocale
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetPrivateProfileSectionNamesA
VirtualAlloc
GetEnvironmentStringsW
FreeEnvironmentStringsA
LCMapStringA
TlsSetValue
FindFirstFileW
lstrcatA
GetLocaleInfoA
GetLongPathNameA
GetDateFormatA
ReadFileEx
HeapCreate
GetFileType
GetTimeZoneInformation
GetStartupInfoA
VirtualQuery
CompareStringA
GetModuleFileNameA
IsDebuggerPresent
GetStdHandle
HeapAlloc
GetProcessHeap
GetVersion
TlsAlloc
WideCharToMultiByte
GetStringTypeA
AllocConsole
GetTickCount
GlobalCompact
LCMapStringW
lstrlenA
IsValidCodePage
EnterCriticalSection
LocalShrink
GetSystemTimeAsFileTime
TlsFree
InterlockedDecrement
TlsGetValue
GetTimeFormatA
GetLastError
GetUserDefaultLCID
SetEnvironmentVariableA
InitializeCriticalSection
GetACP
GetEnvironmentStrings
lstrcmpiA
GetCPInfo
InterlockedIncrement
HeapSize
CompareStringW
FreeLibrary
Sleep
SetLastError
GetCurrentThreadId
VirtualFree
WriteFile
GetCommandLineA
GetProcAddress
WaitForMultipleObjects
QueryPerformanceCounter
GetModuleHandleA
EnumSystemLocalesA
GetCurrentThread
LoadLibraryA
HeapDestroy
MultiByteToWideChar
DeleteCriticalSection
GetTimeFormatW
InterlockedExchange
ExitProcess
HeapReAlloc
GetVersionExA
SetConsoleActiveScreenBuffer
SuspendThread
GetOEMCP
HeapFree
GetCurrentProcess
AddAtomW
GetCurrentProcessId
GetAtomNameW
SetConsoleCtrlHandler
Sections
.text Size: 147KB - Virtual size: 146KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 276KB - Virtual size: 275KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ