Static task: static1
Behavioral task: behavioral1
  Sample: d56f660a9a4e32c0ff1baab209d02d45.exe
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: d56f660a9a4e32c0ff1baab209d02d45.exe
  Resource: win10v2004-20231215-en
General
Target: d56f660a9a4e32c0ff1baab209d02d45
Size: 239KB
MD5: d56f660a9a4e32c0ff1baab209d02d45
SHA1: 2b95d30896ec29de5e82e1f5829f49ed47d32fe2
SHA256: b25ab4b1ffca88839ae4d4735f6217e809e0f8db6a68221b5737a8a9d387b587
SHA512: 1cb968d92f70dda0ab2aa4d3b88eaf2860b7dba1bc00f98d12370c0f90003557658d7a54f2145b9a6ee57a4dedc85b1913c87349e0215d87ee3c830c9109b762
SSDEEP: 3072:Gfm1V7oSBRAMV/OafQ2NTo9bXNz1IoBMzYI2bcM+6/pMbLf0naXL2cnYPLBSSgfd:t1V1F5yXNz12jScM6qcYDoPaw
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d56f660a9a4e32c0ff1baab209d02d45
Files
d56f660a9a4e32c0ff1baab209d02d45.exe windows:5 windows x86 arch:x86
63afa362613a4065caea2c234439eb8a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
  PathFileExistsW
  PathFindFileNameW
  SHDeleteKeyA
  StrCmpNIW
  PathMatchSpecW
  StrStrW
  wvnsprintfW
  wnsprintfW
  PathRemoveFileSpecW
  PathCombineW
  wvnsprintfA
  StrCmpNIA
  wnsprintfA
advapi32
  CryptReleaseContext
  CryptGetHashParam
  RegDeleteValueA
  DuplicateTokenEx
  CryptCreateHash
  RegQueryValueExA
  RegCloseKey
Sections
.zsl Size: 39KB - Virtual size: 57KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.qnmbsf Size: 2KB - Virtual size: 4KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.jovop Size: 5KB - Virtual size: 72KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 4KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ