c:\users\user\documents\visual studio 2005\projects\emetim\release\Emetim.pdb
Static task
static1
Behavioral task
behavioral1
Sample
b1cad1540ecb290088252635f8e130022eed7486eb128c0ca3d676945d60a9fc.exe
Resource
win7-20240221-en
General
-
Target
b1cad1540ecb290088252635f8e130022eed7486eb128c0ca3d676945d60a9fc.zip
-
Size
162KB
-
MD5
cac4638f1c9293ed5a5bf5f1ac21b904
-
SHA1
7c753388f2c5dd946fe6e86d5c8f2728be8504ee
-
SHA256
3a5d3ccbe1161064dd4900cbd8ca11797b13b9692fc66d3a632e53767b4fdc34
-
SHA512
f4e382bc0c0fc63994b3ab2f363402c8c4ec359301a0832cd7f909cac2fafee711c975621dad86fa9e886e96c7027f6e148bd317e33951ef9abb9c9ef4063c8b
-
SSDEEP
3072:WKq+oB71FeB+YukkwOS4GE7m9zTV3Lr2F36PubzGiHEK078:ZjO6xuof32t66KM04
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/b1cad1540ecb290088252635f8e130022eed7486eb128c0ca3d676945d60a9fc.exe
Files
-
b1cad1540ecb290088252635f8e130022eed7486eb128c0ca3d676945d60a9fc.zip.zip
Password: infected
-
b1cad1540ecb290088252635f8e130022eed7486eb128c0ca3d676945d60a9fc.exe.exe windows:4 windows x86 arch:x86
Password: infected
efe1c3568d5733ccb1e9d2b524c47cea
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
ReadFile
LoadLibraryA
FreeLibrary
SetConsoleCtrlHandler
GetTimeZoneInformation
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
HeapSize
CloseHandle
CreateFileA
CompareStringA
CompareStringW
GetProcAddress
GetModuleHandleA
IsValidCodePage
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
RaiseException
RtlUnwind
HeapAlloc
GetCommandLineA
HeapFree
GetVersionExA
GetProcessHeap
GetStartupInfoA
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
GetACP
GetOEMCP
FatalAppExitA
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
SetEnvironmentVariableA
user32
LoadImageA
GetWindowLongA
SetWindowLongA
BeginPaint
GetClientRect
EndPaint
LoadIconA
LoadCursorA
RegisterClassExA
GetSystemMetrics
CreateWindowExA
ShowWindow
UpdateWindow
GetWindowRect
DefWindowProcA
PostQuitMessage
DestroyWindow
UnregisterClassA
GetMessageA
TranslateMessage
DispatchMessageA
TranslateAcceleratorA
LoadStringW
gdi32
GetObjectA
DeleteObject
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetStockObject
Exports
Exports
Run
Sections
.text Size: 232KB - Virtual size: 231KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 132KB - Virtual size: 129KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 590B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ