C:\kucaxobihepo58\wuyemex\29\bajani\lev36-mu.pdb
Static task
static1
Behavioral task
behavioral1
Sample
744ed761a0f877dcd3897d0b1bb05c3b3e29a27fc175760288d7f1dcc5d53e0d.exe
Resource
win7-20240221-en
General
-
Target
b61cbf9a5fdb170f3e5820df3b62f1dbf1e6731ba7c71b832b6f3c3c20de66d4
-
Size
134KB
-
MD5
7bc160ec22f604dabc37db7bf10bb731
-
SHA1
cbe4687db63f2b6a6e99ce372396a13ebf27420b
-
SHA256
b61cbf9a5fdb170f3e5820df3b62f1dbf1e6731ba7c71b832b6f3c3c20de66d4
-
SHA512
9d68267b1fdab4a2f88a1e85279e42011a919d105ec0affe3fb11332e2c1819f684193bc4c6b6e89b2d4eefa23d351c319163ea40569efb39c2973c545e76705
-
SSDEEP
3072:5oaoLwnTY4HCgJIbskAOc+XLCtl9FssGmoAm0WkKXlxy:5oanTtCb4duXOt/FssG0SA
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/744ed761a0f877dcd3897d0b1bb05c3b3e29a27fc175760288d7f1dcc5d53e0d.exe
Files
-
b61cbf9a5fdb170f3e5820df3b62f1dbf1e6731ba7c71b832b6f3c3c20de66d4.zip
Password: infected
-
744ed761a0f877dcd3897d0b1bb05c3b3e29a27fc175760288d7f1dcc5d53e0d.exe.exe windows:5 windows x86 arch:x86
ed049b91044df09ae078744de738246b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
CreateHardLinkA
BackupSeek
GetModuleHandleW
GetCommConfig
GetProcessHeap
LoadLibraryW
SizeofResource
CreateFileW
ExitThread
GetVolumePathNameA
InterlockedExchange
GetLastError
SetLastError
GetProcAddress
VirtualAlloc
BeginUpdateResourceW
OpenMutexA
WriteConsoleA
LocalAlloc
DnsHostnameToComputerNameA
GetCurrentProcess
BeginUpdateResourceA
AddAtomA
OpenJobObjectW
DeviceIoControl
GlobalFindAtomW
FindFirstVolumeMountPointA
VirtualProtect
_lopen
GetVersionExA
FindAtomW
GetWindowsDirectoryW
EnumResourceLanguagesW
OpenFileMappingA
SuspendThread
LCMapStringW
lstrcpyA
InterlockedIncrement
EnumCalendarInfoW
RemoveDirectoryW
GetComputerNameA
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetStartupInfoW
RaiseException
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
TerminateProcess
IsDebuggerPresent
HeapAlloc
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
HeapReAlloc
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
WideCharToMultiByte
GetModuleHandleA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
user32
WindowFromDC
GetCaretPos
gdi32
GetDeviceGammaRamp
advapi32
BackupEventLogA
Sections
.text Size: 150KB - Virtual size: 149KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 4.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ