Resubmissions
ID                  Score  Date
240413-lfvc7acf52   10     13-04-2024 09:28
240413-lft3esff2x   10     13-04-2024 09:28
240413-lfemqsff2t   10     13-04-2024 09:28
240413-le61lafe91   10     13-04-2024 09:27
240413-le6ptsfe9z   10     13-04-2024 09:27
240409-j555wadf8x   10     09-04-2024 08:16
240409-j55t4sdf8v   10     09-04-2024 08:16
240409-j54xtaad59   10     09-04-2024 08:16
240409-j52sfsad57   10     09-04-2024 08:15
201104-p65ygpgpnx   9      04-11-2020 01:00
Static task
static1
Behavioral task
behavioral1
Sample
a188e147ba147455ce5e3a6eb8ac1a46bdd58588de7af53d4ad542c6986491f4.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
a188e147ba147455ce5e3a6eb8ac1a46bdd58588de7af53d4ad542c6986491f4.exe
Resource
win10-20240319-en
Behavioral task
behavioral3
Sample
a188e147ba147455ce5e3a6eb8ac1a46bdd58588de7af53d4ad542c6986491f4.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral4
Sample
a188e147ba147455ce5e3a6eb8ac1a46bdd58588de7af53d4ad542c6986491f4.exe
Resource
win11-20240412-en
General
Target: a188e147ba147455ce5e3a6eb8ac1a46bdd58588de7af53d4ad542c6986491f4.bin
Size: 483KB
MD5: 3265b2b0afc6d2ad0bdd55af8edb9b37
SHA1: 24272beb676d956ec8a65b95a2615c9075fa9869
SHA256: a188e147ba147455ce5e3a6eb8ac1a46bdd58588de7af53d4ad542c6986491f4
SHA512: 28f99da799b43a5fd060b5cab411911b54ceeb51e612ec6213c2b8003ee6de29bc46683ba04507c0e8a92e9fbec4be5cecbc8918618db9c15f231a5be806cb94
SSDEEP: 12288:JF+dRkCGjzKd5Ik6ZDEyyq8Me0KzYB3IvClBTn:JF+deC2+d5AZLde0KcBU4BT
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
Processes:
resource: a188e147ba147455ce5e3a6eb8ac1a46bdd58588de7af53d4ad542c6986491f4.bin
Files
-
a188e147ba147455ce5e3a6eb8ac1a46bdd58588de7af53d4ad542c6986491f4.bin.exe windows:5 windows x86 arch:x86
9941c7dfdbc8c641189a02ae72628db8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
rstrtmgr
RmEndSession
RmGetList
RmStartSession
RmRegisterResources
virtdisk
AttachVirtualDisk
GetVirtualDiskPhysicalPath
OpenVirtualDisk
iphlpapi
IcmpCreateFile
IcmpSendEcho
GetAdaptersInfo
netapi32
NetServerEnum
NetShareEnum
NetApiBufferFree
ws2_32
WSACleanup
inet_addr
WSAStartup
socket
closesocket
connect
gethostbyname
recv
gethostbyaddr
send
inet_ntoa
htons
crypt32
CryptImportPublicKeyInfo
CryptStringToBinaryA
CryptDecodeObjectEx
kernel32
FlushFileBuffers
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
GetConsoleMode
ReadFile
ReadConsoleW
SetFilePointerEx
GetVersion
GetLastError
Sleep
GetTickCount
GetModuleFileNameA
GetSystemDirectoryA
CreateFileA
SetFileAttributesA
GetFileAttributesW
ReadDirectoryChangesW
SetUnhandledExceptionFilter
SetErrorMode
ReleaseMutex
WaitForSingleObject
CloseHandle
CreateMutexA
GetModuleHandleA
GetCurrentProcess
GetCurrentProcessId
GetFileSize
GetOEMCP
FindClose
SetFileTime
GetLocalTime
GetLogicalDriveStringsA
GetDriveTypeA
GetDiskFreeSpaceExA
CreateFileW
FindNextFileA
GetVolumeInformationA
GetComputerNameA
FindFirstVolumeA
FindFirstVolumeW
FindNextVolumeA
FindNextVolumeW
FindVolumeClose
SetVolumeMountPointA
GetVolumePathNamesForVolumeNameA
GetVolumePathNamesForVolumeNameW
MultiByteToWideChar
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Process32First
Process32Next
GlobalAlloc
GlobalFree
LockResource
GetProcAddress
TerminateThread
LoadResource
SizeofResource
LoadLibraryA
FindResourceA
IsValidLocale
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
GetConsoleCP
FindFirstFileExA
IsValidCodePage
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetProcessHeap
SetStdHandle
WriteConsoleW
HeapSize
SetEndOfFile
DeviceIoControl
GetCurrentThreadId
HeapFree
HeapReAlloc
HeapAlloc
GetACP
FormatMessageW
DuplicateHandle
WaitForSingleObjectEx
SwitchToThread
GetCurrentThread
GetExitCodeThread
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
AreFileApisANSI
SetLastError
GetModuleHandleW
MoveFileExW
QueryPerformanceCounter
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
SetEvent
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
GetStartupInfoW
InitializeSListHead
TerminateProcess
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
RtlUnwind
RaiseException
ExitThread
ResumeThread
GetModuleHandleExW
ExitProcess
GetStdHandle
WriteFile
user32
MessageBoxA
advapi32
GetUserNameA
RegSetValueExA
RegOpenKeyA
RegDeleteValueA
RegCloseKey
CryptEncrypt
CryptImportKey
CryptSetKeyParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextA
shell32
SHGetSpecialFolderPathA
SHEmptyRecycleBinA
ShellExecuteA
Sections
Name    Size   Virtual size  Characteristics
.text   312KB  312KB         IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  101KB  101KB         IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   10KB   14KB          IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   38KB   38KB          IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  19KB   18KB          IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ