Static task
static1
Behavioral task
behavioral1
Sample
cfabceb494d9568adbc70ec87935c048f61c6a614b4b8a618670d1c02c4b1983.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
cfabceb494d9568adbc70ec87935c048f61c6a614b4b8a618670d1c02c4b1983.exe
Resource
win10v2004-20240412-en
General
-
Target
d3b73704770ddca1d69ca57f0cbb135c3ebcc237c8bea3579fbb23d60bc67887
-
Size
307KB
-
MD5
6120584f91300e3294966b48c6a2e47a
-
SHA1
87752f484e7aaa0761d374ffdc8abf9bd2a28844
-
SHA256
d3b73704770ddca1d69ca57f0cbb135c3ebcc237c8bea3579fbb23d60bc67887
-
SHA512
d4b78f863acadec7bb14b8975b8d4de8968cc329363f8479181c55afbffb812d10e660818bad51d1bd6707a24e1b2f39f7afd65a457530a06ef79ef70baaee29
-
SSDEEP
6144:6BmDhiN3rbDT5IRBR/LZsnaxVeu0Af8KyinPbS:6fTG/LWaxVcKys2
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/cfabceb494d9568adbc70ec87935c048f61c6a614b4b8a618670d1c02c4b1983.exe
Files
-
d3b73704770ddca1d69ca57f0cbb135c3ebcc237c8bea3579fbb23d60bc67887.zip
Password: infected
-
cfabceb494d9568adbc70ec87935c048f61c6a614b4b8a618670d1c02c4b1983.exe.exe windows:5 windows x86 arch:x86
76baf27cc1836a0776936ede08dc6d5f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
QueryDosDeviceA
GetModuleHandleW
GetTickCount
ReadConsoleW
GetWindowsDirectoryA
EnumTimeFormatsW
GlobalAlloc
GetVolumeInformationA
GetLocaleInfoW
GetVersionExW
GetConsoleAliasW
WriteConsoleW
SetSystemPowerState
GetModuleFileNameW
CreateFileW
ExitThread
SetConsoleTextAttribute
GetProcAddress
PeekConsoleInputW
RemoveDirectoryA
LoadLibraryA
FindFirstVolumeMountPointW
GetNumberFormatW
GlobalFindAtomW
VirtualProtect
GetCurrentDirectoryA
GetCurrentProcessId
CloseHandle
SetStdHandle
OutputDebugStringW
LoadLibraryExW
GetConsoleAliasExesLengthA
FindResourceA
GetLocaleInfoA
GetLastError
GetEnvironmentVariableW
HeapReAlloc
FreeEnvironmentStringsW
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
IsProcessorFeaturePresent
HeapFree
HeapAlloc
GetCommandLineA
RaiseException
RtlUnwind
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
LCMapStringW
ExitProcess
GetModuleHandleExW
IsDebuggerPresent
IsValidCodePage
GetACP
GetOEMCP
GetCurrentThreadId
GetStdHandle
GetFileType
GetProcessHeap
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
ReadFile
SetFilePointerEx
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
user32
GetAltTabInfoA
GetClassInfoA
DrawFrameControl
CharLowerA
CharUpperBuffW
gdi32
GetCharacterPlacementA
GetPixelFormat
advapi32
ReadEventLogW
msimg32
AlphaBlend
Sections
.text Size: 62KB - Virtual size: 61KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 287KB - Virtual size: 41.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 75KB - Virtual size: 75KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ