C:\luh-zuviz\vuwihilifuk-bosepihiza_la.pdb
Static task
static1
Behavioral task
behavioral1
Sample
b09798c07fc468fb557b044326305a10d5b4a7b19c0d6adb88f794990c3634b9.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
b09798c07fc468fb557b044326305a10d5b4a7b19c0d6adb88f794990c3634b9.exe
Resource
win10v2004-20240412-en
General
-
Target
437037db7a33fb435588e924ad6cab7dc39d7d5da16def6bd06293e7d1b1bb62
-
Size
167KB
-
MD5
c5b85705b78773deeaac72dbbe413b3b
-
SHA1
0071f6bebe2e919c95e7d0373e6f387a3d8e4c6b
-
SHA256
437037db7a33fb435588e924ad6cab7dc39d7d5da16def6bd06293e7d1b1bb62
-
SHA512
128d1ae10661b239d83459d86c60a3d7d63766bfa111076995d1ce6645ff612e620c228d97b1a6c80a2ffdacdc99774bc46c8823437947f3859bbe45c72eda38
-
SSDEEP
3072:YRATOaGXDAnufgDJmuoK2StUpNKOYE7YKfDwPvWAVlKfs+GEpVlAMVa:YaTOnfgDJmuttqBYf6DevTVSs+hGJ
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/b09798c07fc468fb557b044326305a10d5b4a7b19c0d6adb88f794990c3634b9.exe
Files
-
437037db7a33fb435588e924ad6cab7dc39d7d5da16def6bd06293e7d1b1bb62.zip
Password: infected
-
b09798c07fc468fb557b044326305a10d5b4a7b19c0d6adb88f794990c3634b9.exe.exe windows:5 windows x86 arch:x86
f7df7285cdb520de588415d277cad136
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetConsoleAliasesLengthW
FindResourceW
InterlockedIncrement
QueryDosDeviceA
InterlockedCompareExchange
SetComputerNameW
FindCloseChangeNotification
GetTickCount
GetConsoleAliasesLengthA
GlobalFindAtomA
SetConsoleMode
WriteConsoleW
SetComputerNameExW
GetStartupInfoA
GetLastError
SetLastError
ReadConsoleOutputCharacterA
GetProcAddress
VirtualAlloc
LoadLibraryA
InterlockedExchangeAdd
LocalAlloc
CreateHardLinkW
AddAtomW
lstrcmpiW
GetModuleHandleA
PurgeComm
CompareStringA
DeleteFileW
GetCurrentProcessId
DebugBreak
ResetWriteWatch
ResumeThread
GetConsoleOutputCP
MultiByteToWideChar
GetModuleHandleW
Sleep
ExitProcess
GetStartupInfoW
GetCPInfo
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
HeapFree
WriteFile
GetModuleFileNameA
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
RaiseException
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CloseHandle
CreateFileA
HeapAlloc
HeapReAlloc
HeapSize
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
SetFilePointer
SetEndOfFile
GetProcessHeap
ReadFile
WriteConsoleA
user32
SetMessageExtraInfo
Sections
.text Size: 130KB - Virtual size: 130KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 4.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 128KB - Virtual size: 128KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ