C:\bafuzudavopo_gobop.pdb
Static task
static1
Behavioral task
behavioral1
Sample
99d42ee02b2d43170796ccb36e5f05318a713fbbb2b48067024a555a58a57dc9.exe
Resource
win7-20240221-en
General
-
Target
99d42ee02b2d43170796ccb36e5f05318a713fbbb2b48067024a555a58a57dc9.zip
-
Size
180KB
-
MD5
a8d268097f3b82e4c56d15c39c7d656b
-
SHA1
555fa9aef7ce26e2c6147ee56292c30daf0ed267
-
SHA256
2567a4997039d3514ff830fc78b2e33c563f8af4b88bf0f161fea042535862ef
-
SHA512
d1502fdf8dc785068bab86cdb8432a87b8a7f24e42bb0abea02d1ca0414c1a6dfc53aa97fdd2a1402a75163a918e29d7a718109b0de31356b831f4d49e2d3654
-
SSDEEP
3072:9Webxq48OBoAIBY15fP1NosXXCavDga/YcPSi92Ysk6pROTMlEc2cJQqDMI2pyKD:Wu1GY1NdDXPvcaBqi9B63QMveiWp4nOZ
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/99d42ee02b2d43170796ccb36e5f05318a713fbbb2b48067024a555a58a57dc9.exe
Files
-
99d42ee02b2d43170796ccb36e5f05318a713fbbb2b48067024a555a58a57dc9.zip.zip
Password: infected
-
99d42ee02b2d43170796ccb36e5f05318a713fbbb2b48067024a555a58a57dc9.exe.exe windows:5 windows x86 arch:x86
Password: infected
d6cc7eef7e91d5b40575c3542ffc17dc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
InterlockedIncrement
SetConsoleTextAttribute
ReadConsoleA
GetCurrentProcess
GetTickCount
GetCommConfig
GetConsoleAliasesLengthA
GetWindowsDirectoryA
GlobalAlloc
GetVolumeInformationA
GetLocaleInfoW
GetSystemPowerStatus
GetConsoleAliasExesLengthW
GetVersionExW
FindNextVolumeW
GetConsoleAliasW
CreateFileW
ExitThread
GetHandleInformation
GetLastError
GetCurrentDirectoryW
FindResourceW
PeekConsoleInputW
RemoveDirectoryA
LoadLibraryA
WriteConsoleA
GetNumberFormatW
QueryDosDeviceW
GlobalFindAtomW
GetModuleFileNameA
FindFirstVolumeMountPointA
VirtualProtect
_lopen
GetCurrentProcessId
ResetWriteWatch
AreFileApisANSI
OutputDebugStringW
HeapReAlloc
LoadLibraryExW
GetProcAddress
GetEnvironmentVariableW
MultiByteToWideChar
EncodePointer
DecodePointer
ReadFile
GetCommandLineA
RaiseException
RtlUnwind
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
FlushFileBuffers
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
DeleteCriticalSection
ExitProcess
GetModuleHandleExW
HeapSize
HeapFree
IsDebuggerPresent
SetFilePointerEx
GetStdHandle
GetFileType
GetStartupInfoW
HeapAlloc
GetProcessHeap
GetModuleFileNameW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
GetStringTypeW
LCMapStringW
SetStdHandle
WriteConsoleW
CloseHandle
user32
ChangeMenuA
CharLowerBuffA
DrawFrameControl
CharUpperBuffW
advapi32
ReadEventLogA
Sections
.text Size: 57KB - Virtual size: 57KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 168KB - Virtual size: 6.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 57KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ