Sample
a2449bc80cef9117c5afeae850fad00f671e3ddffe8c0c4f32328686dead719a.exe
Resource
win7-20240221-en
General
Target: 4828abd9d1245036b5193268ef6ba148.bin
Size: 1.9MB
MD5: 6450ae23234e5672c18e1b1974d3f6f2
SHA1: 4acc96635baa79cebf83c904391526cc0cf4774d
SHA256: 0f0262f3b7a7a7c054097a0adb2dbb0318ebed6634a857d6c80fc5cbc2b7010d
SHA512: 8974ae5e738cb87abeeec0c91b8299ffdde3c4dc2986af0bd79e589b29865e94e5c56b5ec2990add42bb77941527534a0759281292404f0f39dd834b9eda9062
SSDEEP: 49152:mRY5ouMGNeKzzRHaMwpvuoEWNIfA6yMXCUppOPc:75on+eSxaDvuoEW+A6yMX7SE
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/a2449bc80cef9117c5afeae850fad00f671e3ddffe8c0c4f32328686dead719a.exe
Files
4828abd9d1245036b5193268ef6ba148.bin.zip
Password: infected
a2449bc80cef9117c5afeae850fad00f671e3ddffe8c0c4f32328686dead719a.exe.exe windows:6 windows x86 arch:x86
Password: infected
baa93d47220682c04d92f7797d9224ce
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrcpy
comctl32
InitCommonControls
Exports
Sections
Size: 574KB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
zjmspsgn Size: 2.4MB - Virtual size: 2.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
urighjtk Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.taggant Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE