Static task: static1
Behavioral task: behavioral1 (Sample: e094eed516252af8de1773c0fc9da68a.exe, Resource: win7-20240221-en)
Behavioral task: behavioral2 (Sample: e094eed516252af8de1773c0fc9da68a.exe, Resource: win10v2004-20240226-en)
General
Target: e094eed516252af8de1773c0fc9da68a
Size: 46KB
MD5: e094eed516252af8de1773c0fc9da68a
SHA1: 3854c4016639a6d0bd0354589bff49e87657086b
SHA256: 0f243d29f9b94a2b1906a12995f0b54e57b60a10499ffbb4796c35ab84507bee
SHA512: ddf97b95394619db9a91418febedb5596e04cac7d047d0a45c1f0dcdfebae2ac6c44439f84511414261254d8e9ff369ede645a1d6b7b66cb0edc42ae103f973c
SSDEEP: 768:uqDaQeNcgVXq4UeUDt8n36hFhM6nAI79YbtvtoqfXGUxTx/RwdtQDJ9RX8:uCAFpUeUenIJxyBvRXGiTx/RwrQD7RX
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource e094eed516252af8de1773c0fc9da68a
Files
e094eed516252af8de1773c0fc9da68a.exe windows:5 windows x86 arch:x86
a0715ecad7b0df0765f39a25eabf01ae
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegCloseKey
CryptReleaseContext
RegDeleteValueA
RegQueryValueExA
DuplicateTokenEx
CryptCreateHash
CryptGetHashParam
CryptDestroyHash
shlwapi
PathCombineW
wvnsprintfA
PathRemoveFileSpecW
wnsprintfA
PathMatchSpecW
StrCmpNIA
StrStrW
PathFileExistsW
wvnsprintfW
StrCmpNIW
wnsprintfW
PathFindFileNameW
Sections
.odmf Size: 36KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.mpov Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.dox Size: 5KB - Virtual size: 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ