Static task: static1
Behavioral task: behavioral1
  Sample: 19ca5aa4cd62929afb255d2b38e70fd3143e3b181889e84348a5c896e577d708.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 19ca5aa4cd62929afb255d2b38e70fd3143e3b181889e84348a5c896e577d708.exe
  Resource: win10v2004-20240226-en
General
Target: 16210001048.zip
Size: 76KB
MD5: e45b4d1475b1d5049c7b871a510b7b79
SHA1: 69674835b87b3337095d2c1e544ddbd6661c8c8e
SHA256: bf717eadc0e13a52f9f23e680ec4bdfc96c85411155162d138625b310323972a
SHA512: 652e6dfbcc83a3d2e69c2b1f3c7d9c95df5034b137ff02064d146a0e46e61c8dda75a814c951a52ef34b24c89f392ca898da01cd520e135e48264622de2dc697
SSDEEP: 1536:AGKyxT7UI2PRSeEjF+fC5NOSPKFrGxd8AEQrrbu:AGKkMI2P8PFsgTK0xNZi
These digests describe the submitted archive 16210001048.zip, not the extracted .exe; the executable's own SHA256 is the one carried in its filename above, so do not pivot on the archive hashes when hunting for the PE.
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: unpack001/19ca5aa4cd62929afb255d2b38e70fd3143e3b181889e84348a5c896e577d708
A missing signature is a weak indicator on its own (plenty of legitimate tooling ships unsigned); it matters here in combination with the import table below.
Files
16210001048.zip.zip (Password: infected)
19ca5aa4cd62929afb255d2b38e70fd3143e3b181889e84348a5c896e577d708.exe windows:5 windows x86 arch:x86 (Password: infected)
168ea5b327edf5713a2bb8e19a928d13 (32-hex digest printed under the .exe entry without a label; it is MD5-length and differs from the archive MD5 above, so it is presumably the executable's MD5, but the report does not say so)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Only DEP (NX_COMPAT) is opted into. IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is absent and the relocation table is stripped, so the image cannot be randomised and always maps at its preferred base; there is no GUARD_CF, HIGH_ENTROPY_VA or FORCE_INTEGRITY either. A fixed base makes addresses in this binary stable across runs, which is convenient for static analysis and for address-based detection rules.
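The "Unsigned PE" signature and the header flags above both come straight out of IMAGE_FILE_HEADER and IMAGE_OPTIONAL_HEADER. The following is an added example, not code from the sandbox or from this sample, that reproduces those two checks with nothing but `struct`: it decodes the Characteristics and DllCharacteristics words, derives the ASLR/DEP posture, and tests whether the security data directory (index 4, where an Authenticode WIN_CERTIFICATE blob lives) is populated. Since the sample itself is not on this page, `build_minimal_pe32` constructs a stand-in header set carrying exactly the flags the report lists; the flag tables, offsets and `SECURITY_DIR` index are from the PE/COFF specification, the helper names are this example's own.

```python
import struct

# Flag tables from the PE/COFF specification (winnt.h names); only the bits
# worth reporting in a triage are listed.
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x0200: "IMAGE_FILE_DEBUG_STRIPPED",
    0x2000: "IMAGE_FILE_DLL",
}
DLL_CHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x1000: "IMAGE_DLLCHARACTERISTICS_APPCONTAINER",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: Authenticode WIN_CERTIFICATE blob


def _names(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def inspect_pe(data: bytes) -> dict:
    """Parse IMAGE_FILE_HEADER and IMAGE_OPTIONAL_HEADER; sections are not needed."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    fh = e_lfanew + 4  # IMAGE_FILE_HEADER, 20 bytes
    machine, _nsec, _ts, _symtab, _nsyms, _optsz, chars = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20  # IMAGE_OPTIONAL_HEADER follows immediately
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:    # PE32
        nrva_off, dd_off = 92, 96
    elif magic == 0x20B:  # PE32+
        nrva_off, dd_off = 108, 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dllchars = struct.unpack_from("<H", data, opt + 70)[0]  # same offset in both variants
    nrva = struct.unpack_from("<I", data, opt + nrva_off)[0]
    cert_off = cert_size = 0
    if nrva > SECURITY_DIR:
        # Unlike the other directories, this entry holds a raw file offset, not an RVA.
        cert_off, cert_size = struct.unpack_from("<II", data, opt + dd_off + 8 * SECURITY_DIR)
    relocs_stripped = bool(chars & 0x0001)
    dynamic_base = bool(dllchars & 0x0040)
    return {
        "machine": machine,
        "pe32plus": magic == 0x20B,
        "file_characteristics": _names(chars, FILE_CHARACTERISTICS),
        "dll_characteristics": _names(dllchars, DLL_CHARACTERISTICS),
        "nx_compat": bool(dllchars & 0x0100),
        # The loader can only randomise an image that asks for it AND still carries relocations.
        "aslr": dynamic_base and not relocs_stripped,
        # Non-empty security directory == some certificate blob is attached. That is all the
        # sandbox's "Unsigned PE" check tests; it says nothing about whether the signature
        # verifies or whom it chains to.
        "has_authenticode": cert_size != 0,
        "security_dir": (cert_off, cert_size),
    }


def build_minimal_pe32(chars: int, dllchars: int, cert_size: int = 0) -> bytes:
    """Constructed stand-in for the sample: headers only, no sections or code."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 224, chars)  # i386, 3 sections
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)          # PE32 magic
    struct.pack_into("<I", opt, 28, 0x00400000)    # ImageBase
    struct.pack_into("<H", opt, 68, 3)             # IMAGE_SUBSYSTEM_WINDOWS_CUI
    struct.pack_into("<H", opt, 70, dllchars)
    struct.pack_into("<I", opt, 92, 16)            # NumberOfRvaAndSizes
    if cert_size:  # pretend a certificate table sits at file offset 0x400
        struct.pack_into("<II", opt, 96 + 8 * SECURITY_DIR, 0x400, cert_size)
    return bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt)


# Flags exactly as the report lists them for this sample.
SAMPLE_CHARS = 0x0001 | 0x0002 | 0x0100   # RELOCS_STRIPPED | EXECUTABLE_IMAGE | 32BIT_MACHINE
SAMPLE_DLLCHARS = 0x0100 | 0x8000         # NX_COMPAT | TERMINAL_SERVER_AWARE

if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_minimal_pe32(SAMPLE_CHARS, SAMPLE_DLLCHARS)
    for key, value in inspect_pe(blob).items():
        print(f"{key}: {value}")
```

Run it with a path to a real PE to get the same verdict the report gives (`nx_compat: True`, `aslr: False`, `has_authenticode: False` for this sample's flag set); with no argument it inspects the constructed header set. A non-zero security directory only proves a blob is attached, so a "signed" verdict from this check still needs `signtool verify` or equivalent before it carries any trust.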
Imports
netapi32
NetShareEnum
NetApiBufferFree
iphlpapi
GetAdaptersInfo
ws2_32
ioctlsocket
htons
connect
socket
inet_addr
WSAStartup
select
closesocket
__WSAFDIsSet
WSACleanup
WSAGetLastError
crypt32
CryptBinaryToStringA
gdiplus
GdipDeleteGraphics
GdipDeleteStringFormat
GdipDeleteFont
GdipGetImageGraphicsContext
GdiplusStartup
GdipCreateStringFormat
GdipSetStringFormatAlign
GdipSaveImageToFile
GdipGetImageEncodersSize
GdipCloneBrush
GdipDrawString
GdipDeleteBrush
GdipAlloc
GdipDisposeImage
GdipCreateLineBrushFromRect
GdipSetStringFormatLineAlign
GdipCreateFont
GdipFree
GdipCreateBitmapFromScan0
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipGetImageEncoders
GdipFillRectangle
GdipCreateFontFamilyFromName
shlwapi
PathAddBackslashW
PathFindExtensionW
PathRemoveBackslashW
PathRemoveExtensionA
PathRemoveFileSpecW
StrFormatByteSize64A
mpr
WNetCloseEnum
WNetAddConnection2W
WNetOpenEnumW
WNetGetConnectionW
WNetEnumResourceW
ntdll
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlDeleteCriticalSection
RtlInitializeCriticalSection
NtSetInformationThread
NtAdjustPrivilegesToken
NtOpenProcessToken
NtQueryInformationToken
RtlGetAce
NtOpenProcess
RtlQueryInformationAcl
RtlAllocateAndInitializeSid
RtlAddAce
RtlLengthSid
NtClose
RtlAdjustPrivilege
RtlFreeSid
RtlAddAccessDeniedAce
NtSetInformationProcess
RtlCreateAcl
NtWaitForSingleObject
NtSetInformationFile
NtCreateIoCompletion
NtRemoveIoCompletion
NtQueryInformationFile
RtlInterlockedPushEntrySList
RtlInitializeSListHead
RtlInterlockedPopEntrySList
RtlInterlockedFlushSList
RtlInitUnicodeString
NtAllocateVirtualMemory
LdrEnumerateLoadedModules
RtlAcquirePebLock
RtlReleasePebLock
msvcrt
malloc
calloc
free
kernel32
SetProcessShutdownParameters
FindFirstFileExW
SetConsoleMode
WriteFile
GetWindowsDirectoryW
MoveFileW
SystemTimeToFileTime
SetFileTime
ReadFile
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
FindVolumeClose
SetConsoleTitleA
SetConsoleTextAttribute
GetModuleHandleA
SetConsoleCtrlHandler
GetConsoleMode
GetLocalTime
SetVolumeMountPointW
FindFirstVolumeW
QueryDosDeviceW
CreateProcessA
lstrcmpiA
GetCurrentProcessId
MoveFileExW
Process32Next
CreateToolhelp32Snapshot
OpenProcess
GetSystemDefaultLangID
TerminateProcess
Process32First
LoadLibraryA
OpenMutexA
CreateMutexA
GetTempFileNameW
GetTempPathW
GetDriveTypeW
lstrcmpiW
ExitProcess
CreateThread
CloseHandle
DeleteFileW
GetDiskFreeSpaceExW
SetFileAttributesW
ExitThread
GetFileAttributesW
CreateFileW
FindClose
SetThreadUILanguage
WaitForMultipleObjects
FindNextFileW
GetProcAddress
GetLogicalDrives
AllocConsole
GetConsoleWindow
user32
GetSystemMenu
IsWindowVisible
DeleteMenu
GetMessageW
ShowWindow
GetWindowThreadProcessId
PeekMessageW
GetWindowLongA
wvsprintfA
RegisterHotKey
FlashWindow
SetLayeredWindowAttributes
EnableMenuItem
CharLowerBuffW
CharUpperA
MessageBoxA
wsprintfW
SystemParametersInfoW
GetSystemMetrics
wsprintfA
SetWindowLongA
GetShellWindow
advapi32
CloseServiceHandle
RegSetValueExA
RegOpenKeyA
RegCloseKey
CryptReleaseContext
InitializeSecurityDescriptor
RegQueryValueExA
OpenProcessToken
DuplicateToken
OpenThreadToken
GetTokenInformation
SetSecurityInfo
GetSecurityInfo
CheckTokenMembership
CreateWellKnownSid
EnumDependentServicesA
SetThreadToken
OpenSCManagerA
RegCreateKeyExA
ControlService
RegSetValueExW
RegDeleteValueW
QueryServiceStatusEx
RegQueryValueExW
OpenServiceA
SetFileSecurityW
CryptAcquireContextW
SetSecurityDescriptorOwner
CryptGenRandom
LookupPrivilegeValueA
shell32
SHEmptyRecycleBinW
ShellExecuteExA
ShellExecuteExW
CommandLineToArgvW
ole32
CoGetObject
CoUninitialize
CoInitializeEx
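The import table is the most informative part of this static report: NetShareEnum plus the WNet* enumerator and WNetAddConnection2W give share discovery and mapping; FindFirstVolumeW/FindNextVolumeW with SetVolumeMountPointW reach volumes that have no drive letter; OpenSCManagerA/ControlService/EnumDependentServicesA stop services; Toolhelp32 with TerminateProcess kills processes; RtlAdjustPrivilege/NtAdjustPrivilegesToken raise privileges; GdipDrawString/GdipSaveImageToFile followed by SystemParametersInfoW render text into an image and change desktop settings; SHEmptyRecycleBinW wipes the Recycle Bin; CryptGenRandom supplies random bytes. What follows is an added example, not the sandbox's own signature logic, that turns those observations into explicit rules requiring corroborating imports across independent groups before a capability is reported. `REPORT_IMPORTS` is a transcribed subset of the table above; the rule names, grouping and the verdict threshold are this example's own analyst choices, and the static report alone does not support a family or ransomware label, which is what the two behavioural tasks are for.

```python
"""Capability hypotheses from an import table.

A rule is a list of groups; it fires only when every group has at least one
import present, so a single ubiquitous API (OpenProcess, CreateFileW) never
triggers anything on its own. Rule names are this example's labels, not
sandbox signature names."""

# Subset of the report's import table, transcribed from the page (DLL -> functions).
REPORT_IMPORTS = {
    "netapi32": ["NetShareEnum", "NetApiBufferFree"],
    "mpr": ["WNetOpenEnumW", "WNetEnumResourceW", "WNetAddConnection2W",
            "WNetGetConnectionW", "WNetCloseEnum"],
    "kernel32": ["FindFirstVolumeW", "FindNextVolumeW", "GetVolumePathNamesForVolumeNameW",
                 "SetVolumeMountPointW", "GetLogicalDrives", "GetDriveTypeW",
                 "CreateToolhelp32Snapshot", "Process32First", "Process32Next",
                 "OpenProcess", "TerminateProcess", "SetProcessShutdownParameters",
                 "CreateMutexA", "OpenMutexA", "AllocConsole", "GetConsoleWindow"],
    "advapi32": ["OpenSCManagerA", "OpenServiceA", "EnumDependentServicesA", "ControlService",
                 "QueryServiceStatusEx", "CryptAcquireContextW", "CryptGenRandom"],
    "ntdll": ["NtSetInformationThread", "NtSetInformationProcess", "RtlAdjustPrivilege",
              "NtAdjustPrivilegesToken", "RtlAddAccessDeniedAce"],
    "shell32": ["SHEmptyRecycleBinW", "ShellExecuteExW"],
    "user32": ["SystemParametersInfoW", "ShowWindow"],
    "gdiplus": ["GdipCreateBitmapFromScan0", "GdipDrawString", "GdipSaveImageToFile"],
}

RULES = [
    ("enumerates and maps network shares",
     [{"NetShareEnum", "WNetOpenEnumW", "WNetEnumResourceW"}, {"WNetAddConnection2W"}]),
    ("enumerates volumes and assigns mount points (reaches unlettered volumes)",
     [{"FindFirstVolumeW", "FindNextVolumeW"}, {"GetVolumePathNamesForVolumeNameW"},
      {"SetVolumeMountPointW"}]),
    ("stops services through the SCM, dependents first",
     [{"OpenSCManagerA"}, {"OpenServiceA"}, {"ControlService"},
      {"EnumDependentServicesA", "QueryServiceStatusEx"}]),
    ("walks the process list and terminates processes",
     [{"CreateToolhelp32Snapshot", "Process32First", "Process32Next"},
      {"OpenProcess"}, {"TerminateProcess"}]),
    ("adjusts its own privileges via the native API",
     [{"RtlAdjustPrivilege", "NtAdjustPrivilegesToken"}]),
    ("draws random bytes from a CryptoAPI provider",
     [{"CryptAcquireContextW"}, {"CryptGenRandom"}]),
    ("renders text into an image file and changes desktop settings",
     [{"GdipDrawString"}, {"GdipSaveImageToFile"}, {"SystemParametersInfoW"}]),
    ("empties the Recycle Bin",
     [{"SHEmptyRecycleBinW"}]),
]


def present_imports(imports):
    """Flatten {dll: [functions]} into the set of imported function names."""
    return {fn for fns in imports.values() for fn in fns}


def evaluate(imports):
    """Return {rule name: evidence per group} for every rule whose groups all match."""
    have = present_imports(imports)
    hits = {}
    for name, groups in RULES:
        evidence = [sorted(group & have) for group in groups]
        if all(evidence):  # every group contributed at least one import
            hits[name] = evidence
    return hits


def summarize(hits, threshold=5):
    """Plain-language verdict; the threshold is an arbitrary analyst choice."""
    if len(hits) >= threshold:
        return ("impact-style profile (share and volume discovery, service and process "
                "termination, desktop change): confirm with the behavioural runs")
    return "no strong static profile; rely on the behavioural tasks"


if __name__ == "__main__":
    found = evaluate(REPORT_IMPORTS)
    for name, evidence in found.items():
        print(f"[+] {name}: {evidence}")
    print(summarize(found))
```

The grouping is the point: a rule such as "stops services" only fires when the SCM open, the service open, the control call and the dependency walk are all imported, which is far more specific than any one of those APIs. Keep in mind that a dynamically resolved import (GetProcAddress is in the table) never shows up here, so absence of a rule hit is not evidence of absence.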
Sections
.text   Size: 121KB  Virtual size: 121KB  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 25KB   Virtual size: 24KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 512B   Virtual size: 8KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
No section is both writable and executable, and the raw sizes of .text and .rdata match their virtual sizes, so nothing here suggests a packer; the 8KB virtual versus 512B raw size of .data is ordinary zero-filled data that the loader maps on top of the 512 bytes present in the file.