Static task: static1
Behavioral task: behavioral1
Sample: b47661cab45e3605653b74ebf27e24be.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: b47661cab45e3605653b74ebf27e24be.exe
Resource: win10v2004-20240226-en
General
Target: b47661cab45e3605653b74ebf27e24be
Size: 469KB
MD5: b47661cab45e3605653b74ebf27e24be
SHA1: 41c992267adbcc05b14acc1ae85184dd46206307
SHA256: 1219e30a630892166acf5ac461f20b08976130b8a59743e9561ed46f6bd0bbab
SHA512: 04b7ab7b01985d75d35db457926169648ec5cd211b722cf4bc9c0cbd94398f417c812c96b97d2de8404a5b38841ecf6223f0ed875a4c19e64f9d13c7209e9330
SSDEEP: 12288:apjp4eNw5JJQPbI+MOcZtkcPrvz8SzIqlXnEQ:acjOLSkcPP8SzIKXp
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Resource: b47661cab45e3605653b74ebf27e24be
Files
b47661cab45e3605653b74ebf27e24be.exe windows:5 windows x64 arch:x64
cd5cad826801745cd97d8fb014e0ab40
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
msvcrt
memset
setlocale
wcscmp
memmove
wcslen
wcscpy
wcscat
wcsncmp
floor
ceil
malloc
free
fseek
ftell
fread
memcpy
fclose
pow
??3@YAXPEAX@Z
_isnan
_wcsicmp
swscanf
tolower
_vsnwprintf
kernel32
GetModuleHandleW
HeapCreate
HeapDestroy
ExitProcess
GetVolumeInformationW
GetDiskFreeSpaceExW
GetDriveTypeW
CloseHandle
CreateFileW
DeviceIoControl
FormatMessageW
LocalFree
InitializeCriticalSection
GetModuleFileNameW
GetCurrentProcess
DuplicateHandle
CreatePipe
GetStdHandle
HeapAlloc
CreateProcessW
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
HeapFree
GetEnvironmentVariableW
SetEnvironmentVariableW
FreeLibrary
LoadLibraryW
WideCharToMultiByte
GetProcAddress
HeapReAlloc
LoadLibraryExW
GetCurrentProcessId
SetLastError
MulDiv
WriteFile
DeleteFileW
TlsAlloc
DeleteCriticalSection
Sleep
user32
ShowWindow
SendMessageW
DestroyIcon
DestroyWindow
SystemParametersInfoW
GetWindowTextLengthW
GetWindowTextW
GetDC
GetSystemMetrics
ReleaseDC
CreateWindowExW
GetWindowRect
GetWindowLongPtrW
GetWindow
SetWindowLongPtrW
InvalidateRect
SetWindowTextW
EnableWindow
CallWindowProcW
RemovePropW
DefWindowProcW
GetPropW
GetParent
SetPropW
FillRect
MapWindowPoints
MoveWindow
RedrawWindow
SetActiveWindow
LoadIconW
LoadCursorW
PeekMessageW
MsgWaitForMultipleObjects
GetMessageW
GetActiveWindow
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
RegisterClassW
AdjustWindowRectEx
UnregisterClassW
CreateAcceleratorTableW
SetWindowPos
IsWindowEnabled
IsWindowVisible
SetFocus
GetFocus
GetWindowThreadProcessId
GetKeyState
GetClassNameW
IsChild
EnumChildWindows
DefFrameProcW
DestroyAcceleratorTable
SetRect
PostMessageW
CharLowerW
RegisterWindowMessageW
gdi32
AddFontMemResourceEx
DeleteObject
GetStockObject
CreateFontIndirectW
SelectObject
GetTextExtentPoint32W
CreateCompatibleBitmap
GetObjectType
CreateDCW
CreateCompatibleDC
DeleteDC
GetObjectW
GetDeviceCaps
CreateBitmap
SetPixel
CreateDIBSection
GetDIBits
SetStretchBltMode
SetBrushOrgEx
StretchBlt
CreateFontW
shell32
ShellExecuteExW
ole32
CoInitialize
CoCreateInstance
CoUninitialize
RevokeDragDrop
msimg32
AlphaBlend
gdiplus
GdipDeleteFont
GdipDeleteGraphics
GdipDeletePath
GdipDeleteMatrix
GdipDeletePen
GdipDeleteStringFormat
GdipFree
GdipGetDpiX
GdipGetDpiY
comctl32
InitCommonControlsEx
ImageList_Replace
ImageList_Add
ImageList_ReplaceIcon
ImageList_Remove
ImageList_AddMasked
ImageList_Destroy
ImageList_Create
Sections
.code Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.text Size: 60KB - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.pdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 358KB - Virtual size: 361KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 34KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ