C:\koliyayibuj\telu.pdb
Static task
static1
Behavioral task
behavioral1
Sample
a7c2b8d081407da5d72f12eeef21c11674ff616c89be40f73f114c292c09e6de.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
a7c2b8d081407da5d72f12eeef21c11674ff616c89be40f73f114c292c09e6de.exe
Resource
win10v2004-20240412-en
General
-
Target
b2580cc725e45150d8bd087753752555d3f0cc48849e1075e874ab0d32066f16
-
Size
141KB
-
MD5
7995dd096b8ceb4fbf315650c5a2667f
-
SHA1
ffdeb23e2ba9208d9825881c76b2b2afb6545fa5
-
SHA256
b2580cc725e45150d8bd087753752555d3f0cc48849e1075e874ab0d32066f16
-
SHA512
4ac0cbd9cdcc8b8537dd3b932775c054869902c8529b214d16ffadbe0de6a5efb92cbc10d195da1183920ef7e9002a168e2079d4f341075539a014cebbfd27d3
-
SSDEEP
3072:Yv3Fm978anM8eUf2CieTrGpfP7pSIaC6VYR:rwAf2CRTrKP+eR
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/a7c2b8d081407da5d72f12eeef21c11674ff616c89be40f73f114c292c09e6de.exe
Files
-
b2580cc725e45150d8bd087753752555d3f0cc48849e1075e874ab0d32066f16.zip
Password: infected
-
a7c2b8d081407da5d72f12eeef21c11674ff616c89be40f73f114c292c09e6de.exe.exe windows:5 windows x86 arch:x86
700b0dd8274fa766006677f2cd2b64ed
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
QueryDosDeviceA
AddConsoleAliasW
SetCommBreak
GetSystemDefaultLCID
GetTickCount
LoadLibraryW
FatalAppExitW
FreeConsole
SetComputerNameExW
CreateJobObjectA
GetLastError
SetLastError
GetProcAddress
VirtualAlloc
SetVolumeLabelW
ReadConsoleOutputAttribute
RemoveDirectoryA
LoadLibraryA
WriteConsoleA
LocalAlloc
FindNextChangeNotification
GlobalFindAtomW
GetModuleFileNameA
FindFirstVolumeMountPointA
GetModuleHandleA
GetFileAttributesExW
DeleteFileW
GetCurrentProcessId
MoveFileWithProgressW
DebugBreak
AreFileApisANSI
MoveFileW
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleW
Sleep
ExitProcess
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
HeapFree
GetCPInfo
InterlockedIncrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
WriteFile
GetStdHandle
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapAlloc
HeapReAlloc
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
RtlUnwind
advapi32
GetAce
Sections
.text Size: 126KB - Virtual size: 126KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 19KB - Virtual size: 38.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 69KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ