Static task
static1
Behavioral task
behavioral1
Sample
58892f621a5b05339536004b2102cac88ea63b2148b784ea7a4745c27633444b.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
58892f621a5b05339536004b2102cac88ea63b2148b784ea7a4745c27633444b.exe
Resource
win10v2004-20240412-en
General
-
Target
5cf2924b8575066f7a4c1cbc4195510745c684f250eaf85bf225027d982b86f4
-
Size
148KB
-
MD5
2ffeae1cade8986f86e86e6783db0bca
-
SHA1
ba8e6509089ff07ee4c5221695830822d203bfbe
-
SHA256
5cf2924b8575066f7a4c1cbc4195510745c684f250eaf85bf225027d982b86f4
-
SHA512
ff3bb1422b6a786eaa13a5d174b42e1104317270b7d1f57cd0b4004e479e2b99ca5515dfb2860628d48eb8d0d679cbebb103f255d7faeca95ab4d02ceb970c45
-
SSDEEP
3072:xU8CgQZ+sCpqOi3GlULAO+a1Fpsla8eKEtpse8Ub1UhQ9T3xPK:ut+T9SLLAMIla8eKEr38dhQ9ThPK
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/58892f621a5b05339536004b2102cac88ea63b2148b784ea7a4745c27633444b.exe
Files
-
5cf2924b8575066f7a4c1cbc4195510745c684f250eaf85bf225027d982b86f4.zip
Password: infected
-
58892f621a5b05339536004b2102cac88ea63b2148b784ea7a4745c27633444b.exe.exe windows:5 windows x86 arch:x86
e8e51dea98dc7701b104446165cbe5db
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetLocaleInfoA
WriteConsoleInputW
WritePrivateProfileStructA
DeleteVolumeMountPointA
VerSetConditionMask
ReadConsoleA
InterlockedDecrement
ZombifyActCtx
SetDefaultCommConfigW
CreateJobObjectW
GetProfileSectionA
GetComputerNameW
MoveFileWithProgressA
FindNextVolumeMountPointA
CreateActCtxW
GlobalAlloc
TerminateThread
ReadConsoleInputA
SetConsoleCP
InterlockedPopEntrySList
GlobalFlags
WriteConsoleW
GetTimeZoneInformation
GetNamedPipeHandleStateW
GetLargestConsoleWindowSize
CreateFileA
GetLastError
GetProcAddress
PeekConsoleInputW
VerLanguageNameW
SearchPathA
GetPrivateProfileStringA
SetFileApisToOEM
OpenWaitableTimerA
LoadLibraryA
GetConsoleScreenBufferInfo
IsWow64Process
BuildCommDCBAndTimeoutsW
GetNumberFormatW
FoldStringA
GlobalFindAtomW
GetModuleHandleA
GetProcessShutdownParameters
OpenFileMappingW
GetCPInfoExA
LocalSize
GetWindowsDirectoryW
CloseHandle
SetStdHandle
FlushFileBuffers
FindFirstFileA
GetCommandLineW
WideCharToMultiByte
InterlockedIncrement
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
HeapReAlloc
HeapSetInformation
GetStartupInfoW
GetCPInfo
RaiseException
RtlUnwind
HeapAlloc
LCMapStringW
IsProcessorFeaturePresent
HeapCreate
HeapSize
GetModuleHandleW
ExitProcess
SetUnhandledExceptionFilter
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
GetLocaleInfoW
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
LoadLibraryW
SetFilePointer
GetConsoleCP
GetConsoleMode
CreateFileW
user32
CharToOemBuffW
CharUpperW
advapi32
IsTextUnicode
Sections
.text Size: 192KB - Virtual size: 191KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 19KB - Virtual size: 3.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ