Resubmissions
19-01-2022 17:47
220119-wcv6escaf9 10
Static task
static1
Behavioral task
behavioral1
Sample
15854a76db97918e152cabbd6ff921b7e71af57ea35b6a97e664e85214e0e6e3.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
15854a76db97918e152cabbd6ff921b7e71af57ea35b6a97e664e85214e0e6e3.exe
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
15854a76db97918e152cabbd6ff921b7e71af57ea35b6a97e664e85214e0e6e3.exe
Resource
win10v2004-20240226-en
General
Target (submitted archive): 15854a76db97918e152cabbd6ff921b7e71af57ea35b6a97e664e85214e0e6e3.zip
Size: 295KB
MD5: c60b57a7e6614be6c56471d657ed4203
SHA1: f58e5c47d42f3cdf03e89f53d598b3a173e2849f
SHA256: f9043c14b008719d4d3184e1fdd9045c083e441d4171b6a03cf1d67c092a1e86
SHA512: 4da44534bbb709828982396c3e3f6a6831d57c0b78e739eb41ecc1f38665216516e7808088ca310e4d5432aad7b1293d634bc7147ee57ee4cefe3229cd8525aa
SSDEEP: 6144:26wGxePm8FeyyGZ0DYRsfCvwGm5FgbG4uz9Pz9MLxJ0vt:2IxwFenGZIYRsf9GmYy4unhvt
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: unpack001/15854a76db97918e152cabbd6ff921b7e71af57ea35b6a97e664e85214e0e6e3.exe
Files
15854a76db97918e152cabbd6ff921b7e71af57ea35b6a97e664e85214e0e6e3.zip (zip) Password: infected
15854a76db97918e152cabbd6ff921b7e71af57ea35b6a97e664e85214e0e6e3.exe (exe) windows:5 windows x86 arch:x86 Password: infected
cd3fc0dde37bf2787f0f054ef3b5a350
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntdll
_vsnprintf
strtoul
_snprintf
sscanf
sprintf
_strnicmp
tolower
_wcsicmp
strrchr
abs
strncmp
atol
isprint
memcpy
memmove
isspace
strlen
strchr
atoi
strncpy
strcpy
_chkstk
strstr
isalnum
wcschr
strcmp
wcslen
memcmp
wcsstr
_stricmp
_wcsnicmp
memset
ws2_32
sendto
recvfrom
connect
accept
getsockname
inet_ntoa
ntohs
closesocket
htonl
htons
socket
gethostbyname
listen
freeaddrinfo
getaddrinfo
ioctlsocket
select
WSAStartup
send
recv
__WSAFDIsSet
inet_pton
getsockopt
gethostname
shutdown
inet_addr
getpeername
WSAGetLastError
setsockopt
bind
kernel32
OpenProcess
GetProcessTimes
QueryPerformanceCounter
InterlockedDecrement
InterlockedIncrement
GetNativeSystemInfo
UnregisterWait
GetSystemTime
IsWow64Process
Sleep
CreateThread
CloseHandle
TerminateThread
LeaveCriticalSection
EnterCriticalSection
GlobalFree
GlobalUnlock
WriteFile
CreateFileW
GlobalLock
GlobalAlloc
FindClose
DeleteFileW
FindNextFileW
lstrcmpW
FindFirstFileW
lstrcatW
lstrcpyW
ExitThread
GetLocalTime
InitializeCriticalSection
WaitForSingleObject
lstrcpyA
DeleteCriticalSection
GetCurrentThread
GetTickCount
lstrlenA
FreeLibrary
GetProcAddress
LoadLibraryA
LocalFree
CopyFileA
DeleteFileA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetFileAttributesA
GetPrivateProfileStringA
ExpandEnvironmentStringsA
TerminateProcess
CreateProcessA
lstrlenW
ExpandEnvironmentStringsW
WideCharToMultiByte
CreateFileA
SetCurrentDirectoryW
GetCurrentDirectoryW
ExitProcess
GetLastError
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrcatA
GetWindowsDirectoryA
lstrcmpA
GetModuleHandleA
CreateProcessW
SetLastError
lstrcpynW
CreateEventW
SetEvent
TryEnterCriticalSection
GetModuleHandleW
ResetEvent
ResumeThread
CreateDirectoryW
FindNextFileA
FindFirstFileA
SetEndOfFile
ReadFile
GetFileSize
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcessId
GetComputerNameA
GetCurrentProcess
ReadProcessMemory
GetProcessHeap
HeapAlloc
HeapReAlloc
HeapFree
VirtualQuery
VirtualFreeEx
VirtualAllocEx
Process32Next
Process32First
DeviceIoControl
GetVersionExW
ReleaseMutex
OpenMutexW
CreateMutexW
LocalAlloc
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
MultiByteToWideChar
LoadLibraryW
CreateEventA
RegisterWaitForSingleObject
OpenEventA
lstrcmpiW
CreateMutexA
QueryPerformanceFrequency
GetVersionExA
WriteProcessMemory
GlobalFindAtomW
VirtualFree
CreateRemoteThread
VirtualQueryEx
GetProcessHandleCount
VirtualAlloc
VirtualProtectEx
SetFilePointer
DuplicateHandle
crypt32
CryptUnprotectData
user32
GetWindowPlacement
PostMessageA
SendMessageA
WindowFromPoint
SetClipboardData
EmptyClipboard
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
CreateDesktopA
OpenDesktopA
CharNextA
PostThreadMessageW
CallNextHookEx
ToAscii
MapVirtualKeyW
GetWindowThreadProcessId
UnhookWindowsHookEx
DispatchMessageW
TranslateMessage
GetMessageW
FindWindowA
DrawIconEx
GetIconInfo
GetCursorInfo
PostMessageW
EnumWindows
IsWindow
IsWindowVisible
GetWindowLongA
SetWindowLongA
GetTopWindow
MenuItemFromPoint
GetWindowRect
PrintWindow
GetSystemMetrics
GetDesktopWindow
GetDC
ReleaseDC
GetForegroundWindow
GetWindowTextA
VkKeyScanA
SetCursorPos
SendInput
RealGetWindowClassA
PtInRect
GetMenuItemID
MoveWindow
ScreenToClient
ChildWindowFromPoint
SetWindowsHookExA
SetThreadDesktop
GetWindow
gdi32
GetDIBits
SelectPalette
GetStockObject
GetObjectW
DeleteDC
GetDeviceCaps
CreateDCW
DeleteObject
StretchBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
SetStretchBltMode
CreateDIBSection
SetDIBColorTable
RealizePalette
advapi32
GetSidSubAuthorityCount
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
InitializeSecurityDescriptor
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
RegNotifyChangeKeyValue
GetTokenInformation
ConvertSidToStringSidA
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
GetUserNameA
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
shell32
SHFileOperationW
SHGetFolderPathA
SHGetSpecialFolderPathA
SHGetFolderPathAndSubDirW
ole32
StringFromGUID2
CoInitialize
CoCreateInstance
CoUninitialize
CoCreateGuid
shlwapi
PathCombineA
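The import table above is the most informative part of this static report: individual APIs are unremarkable, but co-occurring groups (OpenProcess + VirtualAllocEx + WriteProcessMemory + CreateRemoteThread, SetWindowsHookExA + ToAscii, GetDC + BitBlt + GetDIBits, CryptUnprotectData) are what an analyst actually reads off it. The following is an added triage helper, not part of the sandbox report and not capa or the sandbox's own signature logic. The rule set is an assumption written for this page, and SAMPLE_IMPORTS is a subset copied from the import list shown above. It also reports near-misses (all but one API present), because the missing call is frequently resolved at runtime through LoadLibraryA/GetProcAddress, which this binary also imports.

```python
# Added triage helper for the import table above. RULES is an assumed, hand-written
# mini rule base (not capa's rules, not the sandbox's signatures); SAMPLE_IMPORTS is
# a subset copied from the report's import list.
RULES = {
    "remote thread injection": {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"},
    "APC injection": {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "QueueUserAPC"},
    "keyboard hook": {"SetWindowsHookExA", "CallNextHookEx", "ToAscii", "MapVirtualKeyW"},
    "screen capture": {"GetDC", "CreateCompatibleDC", "CreateCompatibleBitmap", "BitBlt", "GetDIBits"},
    "clipboard read": {"OpenClipboard", "GetClipboardData", "CloseClipboard"},
    "DPAPI decryption": {"CryptUnprotectData"},
    "hidden desktop": {"CreateDesktopA", "SetThreadDesktop"},
    "process enumeration": {"CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW"},
    "privilege adjustment": {"OpenProcessToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges"},
    "TCP client socket": {"WSAStartup", "socket", "connect", "send", "recv"},
    "dynamic API resolution": {"LoadLibraryA", "GetProcAddress"},
}

SAMPLE_IMPORTS = {
    "kernel32": ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread",
                 "CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW",
                 "LoadLibraryA", "GetProcAddress"],
    "user32": ["SetWindowsHookExA", "CallNextHookEx", "ToAscii", "MapVirtualKeyW",
               "OpenClipboard", "GetClipboardData", "CloseClipboard", "CreateDesktopA",
               "SetThreadDesktop", "GetDC"],
    "gdi32": ["CreateCompatibleDC", "CreateCompatibleBitmap", "BitBlt", "GetDIBits"],
    "crypt32": ["CryptUnprotectData"],
    "advapi32": ["OpenProcessToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges"],
    "ws2_32": ["WSAStartup", "socket", "connect", "send", "recv"],
}


def match_capabilities(imports, rules=RULES):
    """Return rules fully satisfied by the import table, plus near-misses.

    A near-miss (every API but one present) is reported separately because the
    missing call is often resolved at runtime via GetProcAddress instead of being
    imported statically, so a strict all-or-nothing match would hide it.
    """
    imported = {api for apis in imports.values() for api in apis}
    matched, near_miss = {}, {}
    for cap, apis in rules.items():
        missing = apis - imported
        if not missing:
            matched[cap] = sorted(apis)
        elif len(missing) == 1 and len(apis) > 1:
            near_miss[cap] = missing.pop()
    return {"matched": matched, "near_miss": near_miss}


def summarize(result):
    """One line per finding, suitable for pasting into a triage note."""
    lines = ["[+] %s: %s" % (cap, ", ".join(apis)) for cap, apis in result["matched"].items()]
    lines += ["[?] %s: missing %s (check for runtime resolution)" % (cap, api)
              for cap, api in result["near_miss"].items()]
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(match_capabilities(SAMPLE_IMPORTS))))
```

Against the subset above, every rule except "APC injection" matches outright; that one is reported as a near-miss on QueueUserAPC. Static import matching is a starting point only: a packed or obfuscated sample shows almost no imports, and the behavioral tasks listed at the top of the report are what confirm which of these capabilities are actually exercised.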
Sections
.text Size: 250KB - Virtual size: 249KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 144KB - Virtual size: 143KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 27KB - Virtual size: 218KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
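The "Unsigned PE" signature, the DLL characteristics under Headers and the section table above all come from a few fixed offsets in the PE optional header and section headers. The following is an added example (not tria.ge's code and not derived from the sample itself) that parses those fields with the standard library only: it reads DllCharacteristics, checks whether the attribute certificate table (data directory entry 4) is populated, and flags sections that are both writable and executable or that are much larger in memory than on disk. The input is a constructed, headers-only PE32 image built by `build_sample_pe`, with section sizes and flags copied from the report; no real sample is required. Note that a populated certificate entry only means a signature blob is present, not that it verifies; validation needs WinVerifyTrust (signtool verify) or osslsigncode.

```python
import struct

# Constants from the PE/COFF specification.
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4          # attribute certificate table (Authenticode)
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_DISCARDABLE = 0x02000000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def parse_pe(data: bytes) -> dict:
    """Parse DOS/NT headers, DllCharacteristics, the security directory and the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    fh = e_lfanew + 4                                   # IMAGE_FILE_HEADER (20 bytes)
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20                                       # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        nrva_off, dd_off = 92, 96
    elif magic == PE32PLUS_MAGIC:
        nrva_off, dd_off = 108, 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]   # same offset in PE32 and PE32+
    nrva = struct.unpack_from("<I", data, opt + nrva_off)[0]
    cert_off = cert_size = 0
    if nrva > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Unlike the other directories this entry holds a raw file offset, not an RVA.
        cert_off, cert_size = struct.unpack_from(
            "<II", data, opt + dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections, sec_tbl = [], opt + opt_size
    for i in range(nsec):
        name, vsize, _va, rawsize, _ptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, sec_tbl + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize, "flags": flags})
    return {"machine": machine, "dll_characteristics": dll_chars,
            "cert_offset": cert_off, "cert_size": cert_size, "sections": sections}


def triage(info: dict) -> dict:
    """Derive the same kind of findings the report lists: unsigned, ASLR/DEP, odd sections."""
    dc = info["dll_characteristics"]
    out = {"unsigned_pe": info["cert_size"] == 0,
           "aslr": bool(dc & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
           "dep": bool(dc & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
           "rwx_sections": [], "exec_mostly_uninitialized": []}
    for s in info["sections"]:
        executable = s["flags"] & IMAGE_SCN_MEM_EXECUTE
        if executable and s["flags"] & IMAGE_SCN_MEM_WRITE:
            out["rwx_sections"].append(s["name"])
        # An executable section far larger in memory than on disk is a packer tell.
        # A large gap in .data (27KB raw vs 218KB virtual above) is just .bss and is normal.
        if executable and s["raw_size"] and s["virtual_size"] > 2 * s["raw_size"]:
            out["exec_mostly_uninitialized"].append(s["name"])
    return out


def build_sample_pe(dll_chars: int, cert_size: int = 0, sections=()) -> bytes:
    """Constructed, headers-only PE32 image used as offline test input (not the real sample)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    opt_size = 224
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 92, 16)                          # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     0x1000 if cert_size else 0, cert_size)
    sec_hdrs = b"".join(
        struct.pack("<8sIIIIIIHHI", n, vs, 0x1000 * (i + 1), rs, 0x400 * (i + 1), 0, 0, 0, 0, fl)
        for i, (n, vs, rs, fl) in enumerate(sections))
    return dos + b"PE\0\0" + file_hdr + bytes(opt) + sec_hdrs


KB = 1024
# Section names, sizes and flags copied from the report's Sections block.
SAMPLE_SECTIONS = [
    (b".text", 249 * KB, 250 * KB, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (b".rdata", 143 * KB, 144 * KB, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
    (b".data", 218 * KB, 27 * KB, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    (b".reloc", 12 * KB, 12 * KB, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ),
]
SAMPLE = build_sample_pe(0x8140, 0, SAMPLE_SECTIONS)   # DYNAMIC_BASE | NX_COMPAT | TS_AWARE

if __name__ == "__main__":
    print(triage(parse_pe(SAMPLE)))
```

On the constructed image the result mirrors the report: no certificate table (unsigned), ASLR and DEP flags set, and no RWX or suspiciously sparse executable sections. Swapping in a single RWX section with a large virtual/raw gap (as a UPX-style packer produces) trips both section checks, which is the difference between a plain compiler-built binary like this one and a packed one.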