C:\zutogupitaj\zubiracixis\kixozikamo_burom\rabebit.pdb
Static task
static1
Behavioral task
behavioral1
Sample
3d24879020f71f37768efb2dcd3724477b190b9f0c7f87c72edb472f81123ec5.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
3d24879020f71f37768efb2dcd3724477b190b9f0c7f87c72edb472f81123ec5.exe
Resource
win10v2004-20240412-en
General
-
Target
c75af78aee0af789556e3220005f5a1960ead0038de23208ec23d003106af521
-
Size
151KB
-
MD5
b2ade24d5ddb38b33b136289b6ba2ebc
-
SHA1
907814e6b029ee3d027eac0660eb18757f5fea46
-
SHA256
c75af78aee0af789556e3220005f5a1960ead0038de23208ec23d003106af521
-
SHA512
ed6d7fa24a2e0d0863a9493e53b4b930fe3b8b6d8c203a89c6ff49d77aa6624d95e0b35dafe99206be875d5b65e245491370a038d42314d288cd23e0fdb01615
-
SSDEEP
3072:9gG875mhlIJLNJcQVXl8v77YBP8dZgp4xPCrB12j:tdIJLNuQd2U8dZgePEH2j
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/3d24879020f71f37768efb2dcd3724477b190b9f0c7f87c72edb472f81123ec5.exe
Files
-
c75af78aee0af789556e3220005f5a1960ead0038de23208ec23d003106af521.zip
Password: infected
-
3d24879020f71f37768efb2dcd3724477b190b9f0c7f87c72edb472f81123ec5.exe.exe windows:5 windows x86 arch:x86
d06982428050f7f06adfc753e0db3b8f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GlobalSize
GetComputerNameW
GetTickCount
GetCommConfig
VirtualFree
GetConsoleAliasesLengthA
GlobalFindAtomA
LoadLibraryW
SetConsoleMode
SetComputerNameExW
InterlockedExchange
GetLastError
SetLastError
GetProcAddress
VirtualAlloc
BackupWrite
SetComputerNameA
LoadLibraryA
GetConsoleAliasA
InterlockedExchangeAdd
LocalAlloc
CreateHardLinkW
FindFirstVolumeMountPointW
TransmitCommChar
AddAtomW
RemoveDirectoryW
QueryDosDeviceW
SetSystemTime
GetThreadPriority
GetModuleHandleA
EnumResourceLanguagesW
GetCurrentProcessId
ResetWriteWatch
SetFileAttributesW
DeleteFileA
lstrcpyA
GetStringTypeA
FindFirstChangeNotificationW
WriteConsoleOutputCharacterW
WriteConsoleA
GetComputerNameA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
HeapFree
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
HeapReAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwind
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetStringTypeW
GetLocaleInfoA
HeapSize
RaiseException
gdi32
GetCharABCWidthsFloatA
StrokePath
advapi32
AreAnyAccessesGranted
Sections
.text Size: 114KB - Virtual size: 114KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 107KB - Virtual size: 107KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ