Static task
static1
Behavioral task
behavioral1
Sample
7e58fdd635ef291b98c8c9e6c317fc4f6699dfb8580d95159fdb8f39e9ba9ea6.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
7e58fdd635ef291b98c8c9e6c317fc4f6699dfb8580d95159fdb8f39e9ba9ea6.exe
Resource
win10v2004-20240412-en
General
-
Target
a1849d53e0465775a5358c4b3628b34246aedc4f56f3a1a8846fd09987e6530d
-
Size
162KB
-
MD5
c2094380c427f34ba0cbe8c92569f8de
-
SHA1
f9f81b84aa862e4140d7e543aed06de62e080965
-
SHA256
a1849d53e0465775a5358c4b3628b34246aedc4f56f3a1a8846fd09987e6530d
-
SHA512
3aaa08f1fbe792d2a0bc1bf92a932d2054140d528f5035a1b14361cdbb8b37755e0e29bdbecb489e37ca13263c86a485719dbacf3776cf47438810f9b6b1d1a0
-
SSDEEP
3072:8yirGuA3/aJbkfVQdSxODxu2+gAp2AG3ETcPEz+/67A1bXGdLz0GrvT8:8yNuA3/aJbkm+ODx9+1FIETcDSgX+LzI
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/7e58fdd635ef291b98c8c9e6c317fc4f6699dfb8580d95159fdb8f39e9ba9ea6.exe
Files
-
a1849d53e0465775a5358c4b3628b34246aedc4f56f3a1a8846fd09987e6530d.zip
Password: infected
-
7e58fdd635ef291b98c8c9e6c317fc4f6699dfb8580d95159fdb8f39e9ba9ea6.exe.exe windows:5 windows x86 arch:x86
22d51019ef926c7d67891a16d936728c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ReadConsoleA
GetConsoleAliasA
CreateDirectoryW
GetFileAttributesExA
GetModuleHandleW
GetTickCount
EnumTimeFormatsW
GlobalAlloc
GetVolumeInformationA
GlobalFindAtomA
LoadLibraryW
GetSystemPowerStatus
FreeConsole
GetConsoleAliasExesLengthW
WriteConsoleW
CreateFileW
MultiByteToWideChar
FindNextVolumeMountPointW
GetLastError
GetProcAddress
InterlockedIncrement
GetExitCodeThread
GetNumberFormatW
RemoveDirectoryW
QueryDosDeviceW
GetModuleFileNameA
VirtualProtect
GetCurrentDirectoryA
GetVersionExA
GetWindowsDirectoryW
GetCurrentProcessId
ReadConsoleOutputCharacterW
CloseHandle
SetStdHandle
OutputDebugStringW
LoadLibraryExW
HeapReAlloc
FindResourceA
GetLocaleInfoA
PeekConsoleInputW
GetEnvironmentVariableW
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WideCharToMultiByte
GetStringTypeW
HeapFree
HeapAlloc
IsProcessorFeaturePresent
GetCommandLineA
RaiseException
RtlUnwind
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
LCMapStringW
GetProcessHeap
IsDebuggerPresent
GetStdHandle
GetFileType
ExitProcess
GetModuleHandleExW
WriteFile
GetModuleFileNameW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
GetCurrentThreadId
ReadFile
SetFilePointerEx
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetACP
user32
GetKeyboardLayoutNameA
CharUpperBuffW
DrawEdge
GetClassInfoW
CharLowerA
SetUserObjectSecurity
GetAltTabInfoW
gdi32
CreateDCA
advapi32
ReadEventLogA
winhttp
WinHttpOpen
Sections
.text Size: 63KB - Virtual size: 62KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 149KB - Virtual size: 41.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 69KB - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ