Static task
static1
Behavioral task
behavioral1
Sample
2feee675a296f24476606968e2669d0efda3c14b2c56e8507bc22efbbb54ce6b.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
2feee675a296f24476606968e2669d0efda3c14b2c56e8507bc22efbbb54ce6b.exe
Resource
win10v2004-20240226-en
General
-
Target
9a2073e7fd9e73b17ab239c32ea2c2852c9d958abf3a7501cbca8ac4b03e188c
-
Size
107KB
-
MD5
d1b1025866b6487e5dc946427f8addfa
-
SHA1
245d66172edd4c0f1717735486e5c5693e480fe3
-
SHA256
9a2073e7fd9e73b17ab239c32ea2c2852c9d958abf3a7501cbca8ac4b03e188c
-
SHA512
c7dac2e26a43066e0f5ddd5d9aa5ad48912eb448c5e6223db00c492af4749b4b8f5b951c01bf2c61bb4d272470488b97d331f749af83c701e16f12980b80a3b1
-
SSDEEP
3072:7ldz4JW6PG9G+yACSizY0JD8ShbeRz40Jx/C96WEwdq:zN9lQFdDfhbeR7a9nE1
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/2feee675a296f24476606968e2669d0efda3c14b2c56e8507bc22efbbb54ce6b.exe
Files
-
9a2073e7fd9e73b17ab239c32ea2c2852c9d958abf3a7501cbca8ac4b03e188c.zip
Password: infected
-
2feee675a296f24476606968e2669d0efda3c14b2c56e8507bc22efbbb54ce6b.exe.exe windows:5 windows x86 arch:x86
518370577aa5c0bcbfd6ece4cf8b6db7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapAlloc
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
SetEvent
CreateHardLinkA
ConnectNamedPipe
GetModuleHandleW
GetTickCount
GlobalAlloc
GlobalFindAtomA
LoadLibraryW
GetFileAttributesA
HeapValidate
GetACP
FindNextVolumeMountPointW
GetConsoleOutputCP
GetLocaleInfoA
GetCurrentDirectoryW
GetThreadLocale
GetProcAddress
HeapSize
SetComputerNameA
GetAtomNameA
LoadLibraryA
UnhandledExceptionFilter
OpenWaitableTimerW
SetCalendarInfoW
GetModuleFileNameA
SetConsoleTitleW
HeapSetInformation
FindAtomW
CloseHandle
CreateFileW
GetLastError
GetNumaProcessorNode
IsProcessorFeaturePresent
EncodePointer
DecodePointer
HeapReAlloc
ExitProcess
GetCommandLineA
GetStartupInfoW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameW
HeapCreate
Sleep
HeapFree
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetOEMCP
IsValidCodePage
RtlUnwind
SetStdHandle
WriteConsoleW
MultiByteToWideChar
LCMapStringW
GetStringTypeW
FlushFileBuffers
user32
GetMonitorInfoA
advapi32
GetPrivateObjectSecurity
ole32
CoTaskMemFree
winhttp
WinHttpOpen
Sections
.text Size: 43KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 92KB - Virtual size: 91KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 1.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ