Static task
static1
Behavioral task
behavioral1
Sample
6fb0201dac82a2b6f3c409d74005eb50aab93abd7508f513636be051db86eefd.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
6fb0201dac82a2b6f3c409d74005eb50aab93abd7508f513636be051db86eefd.exe
Resource
win10v2004-20240412-en
General
-
Target
a4b9b97b2992feafb61da9a537dc82e6740e9cd5ac8d1a5d3d66eee04bdb29af
-
Size
98KB
-
MD5
140b13ac418330943b083ce574867010
-
SHA1
c42795b9739da42f063b6d9c979f545eade2742c
-
SHA256
a4b9b97b2992feafb61da9a537dc82e6740e9cd5ac8d1a5d3d66eee04bdb29af
-
SHA512
cc17124fa5bad886f1a5be77195b62a62e937e39d8bfc3ce3b127848e4755c04a404ec21ddfbf204377728dd88cda46ad4141272c042badc761a35ec02d4234c
-
SSDEEP
3072:Qd6Hw/RH+ALmvefjrp153rrzvbIdI1YEH5wBrEe:s7NLmgrF/zTIdI1H6
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/6fb0201dac82a2b6f3c409d74005eb50aab93abd7508f513636be051db86eefd.exe
Files
-
a4b9b97b2992feafb61da9a537dc82e6740e9cd5ac8d1a5d3d66eee04bdb29af.zip
Password: infected
-
6fb0201dac82a2b6f3c409d74005eb50aab93abd7508f513636be051db86eefd.exe.exe windows:5 windows x86 arch:x86
4f55e2a30ec0c2d3680e7e87f2ea376a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetFileSize
GetConsoleAliasExesLengthA
WriteConsoleOutputCharacterA
HeapAlloc
ScrollConsoleScreenBufferW
CreateHardLinkA
GlobalAlloc
WideCharToMultiByte
LoadLibraryW
GetLocaleInfoW
GetFileAttributesA
HeapValidate
GetModuleFileNameW
FindNextVolumeMountPointW
CreateJobObjectA
InterlockedExchange
SetThreadLocale
GetStdHandle
GetLastError
GetProcessHeaps
GetConsoleDisplayMode
DisableThreadLibraryCalls
BuildCommDCBW
GetNumaHighestNodeNumber
GetAtomNameA
LoadLibraryA
UnhandledExceptionFilter
DnsHostnameToComputerNameA
FindAtomA
CreatePipe
VirtualProtect
GetCurrentDirectoryA
ReleaseMutex
FileTimeToLocalFileTime
EncodePointer
DecodePointer
HeapReAlloc
GetCommandLineW
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
HeapSize
GetProcAddress
GetModuleHandleW
ExitProcess
HeapCreate
HeapFree
WriteFile
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
IsProcessorFeaturePresent
LCMapStringW
MultiByteToWideChar
GetStringTypeW
RaiseException
Sections
.text Size: 37KB - Virtual size: 37KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 90KB - Virtual size: 90KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 293KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 31KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ