Static task
static1
Behavioral task
behavioral1
Sample
6fb0201dac82a2b6f3c409d74005eb50aab93abd7508f513636be051db86eefd.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
6fb0201dac82a2b6f3c409d74005eb50aab93abd7508f513636be051db86eefd.exe
Resource
win10v2004-20240226-en
General
-
Target
4dd4112152b70bd0e62e3f63b59634a9ccc4c0ed3b5fe90a1067526abac58856
-
Size
98KB
-
MD5
7890c7e44ae337ac151bf262c352bb7b
-
SHA1
caa852fbf2ce6f32b0063d952caee42736ef0724
-
SHA256
4dd4112152b70bd0e62e3f63b59634a9ccc4c0ed3b5fe90a1067526abac58856
-
SHA512
03c1b74e2b491674231ed23c1e74c834754cb5f79d4a70ba40a08447811971b822068b73be499c21c9021445ca22841febc41907cc13b97130507f4d2a157c58
-
SSDEEP
3072:dabdhRBm3Y+FH+XPPEaqQhoirf9HTBLS5d9swj:dudhRG/F+PVx9H1G9swj
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/6fb0201dac82a2b6f3c409d74005eb50aab93abd7508f513636be051db86eefd.exe
Files
-
4dd4112152b70bd0e62e3f63b59634a9ccc4c0ed3b5fe90a1067526abac58856.zip
Password: infected
-
6fb0201dac82a2b6f3c409d74005eb50aab93abd7508f513636be051db86eefd.exe.exe windows:5 windows x86 arch:x86
4f55e2a30ec0c2d3680e7e87f2ea376a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetFileSize
GetConsoleAliasExesLengthA
WriteConsoleOutputCharacterA
HeapAlloc
ScrollConsoleScreenBufferW
CreateHardLinkA
GlobalAlloc
WideCharToMultiByte
LoadLibraryW
GetLocaleInfoW
GetFileAttributesA
HeapValidate
GetModuleFileNameW
FindNextVolumeMountPointW
CreateJobObjectA
InterlockedExchange
SetThreadLocale
GetStdHandle
GetLastError
GetProcessHeaps
GetConsoleDisplayMode
DisableThreadLibraryCalls
BuildCommDCBW
GetNumaHighestNodeNumber
GetAtomNameA
LoadLibraryA
UnhandledExceptionFilter
DnsHostnameToComputerNameA
FindAtomA
CreatePipe
VirtualProtect
GetCurrentDirectoryA
ReleaseMutex
FileTimeToLocalFileTime
EncodePointer
DecodePointer
HeapReAlloc
GetCommandLineW
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
HeapSize
GetProcAddress
GetModuleHandleW
ExitProcess
HeapCreate
HeapFree
WriteFile
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
IsProcessorFeaturePresent
LCMapStringW
MultiByteToWideChar
GetStringTypeW
RaiseException
Sections
.text Size: 37KB - Virtual size: 37KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 90KB - Virtual size: 90KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 293KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 31KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ