Static task
static1
Behavioral task
behavioral1
Sample
6fb0201dac82a2b6f3c409d74005eb50aab93abd7508f513636be051db86eefd.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
6fb0201dac82a2b6f3c409d74005eb50aab93abd7508f513636be051db86eefd.exe
Resource
win10v2004-20240412-en
General
-
Target
d2ff9ae68bedebfdb400f153003ab73ea95e0c380c1dd85bc4bb2c0d45eabfa9
-
Size
98KB
-
MD5
2b4851a2e17b3bcdaff1b9f68e3ba2f8
-
SHA1
2a4e7d5d12b41f55527511ca421bb6242c9463c3
-
SHA256
d2ff9ae68bedebfdb400f153003ab73ea95e0c380c1dd85bc4bb2c0d45eabfa9
-
SHA512
6f63c09d05e98aa9fe9339e35dfe19f092ff464d63338983d79480bd6c97688a3a7ef84d0ee41bd2198713412d612217687397633ddd93a036ec0fbbad3386cc
-
SSDEEP
1536:v5HdOZ7cG7emD3kZDU372GfC+ofX4g12LMeF9RXCiEyEu65L7R4XbRUJlEz7yIhZ:s7hemDqi72RFQrUvRu6BWeynZ
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/6fb0201dac82a2b6f3c409d74005eb50aab93abd7508f513636be051db86eefd.exe
Files
-
d2ff9ae68bedebfdb400f153003ab73ea95e0c380c1dd85bc4bb2c0d45eabfa9.zip
Password: infected
-
6fb0201dac82a2b6f3c409d74005eb50aab93abd7508f513636be051db86eefd.exe.exe windows:5 windows x86 arch:x86
4f55e2a30ec0c2d3680e7e87f2ea376a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetFileSize
GetConsoleAliasExesLengthA
WriteConsoleOutputCharacterA
HeapAlloc
ScrollConsoleScreenBufferW
CreateHardLinkA
GlobalAlloc
WideCharToMultiByte
LoadLibraryW
GetLocaleInfoW
GetFileAttributesA
HeapValidate
GetModuleFileNameW
FindNextVolumeMountPointW
CreateJobObjectA
InterlockedExchange
SetThreadLocale
GetStdHandle
GetLastError
GetProcessHeaps
GetConsoleDisplayMode
DisableThreadLibraryCalls
BuildCommDCBW
GetNumaHighestNodeNumber
GetAtomNameA
LoadLibraryA
UnhandledExceptionFilter
DnsHostnameToComputerNameA
FindAtomA
CreatePipe
VirtualProtect
GetCurrentDirectoryA
ReleaseMutex
FileTimeToLocalFileTime
EncodePointer
DecodePointer
HeapReAlloc
GetCommandLineW
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
HeapSize
GetProcAddress
GetModuleHandleW
ExitProcess
HeapCreate
HeapFree
WriteFile
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
IsProcessorFeaturePresent
LCMapStringW
MultiByteToWideChar
GetStringTypeW
RaiseException
Sections
.text Size: 37KB - Virtual size: 37KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 90KB - Virtual size: 90KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 293KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 31KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ