Static task: static1
Behavioral task: behavioral1
Sample: 0a937d4fe8aa6cb947b95841c490d73e452a3cafcd92645afc353006786aba76.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 0a937d4fe8aa6cb947b95841c490d73e452a3cafcd92645afc353006786aba76.exe
Resource: win10v2004-20240412-en
General
Target: e94a083d8625a65b03889b5a0f41fe4c2126d044d8be3415e40a80f63c7d9600
Size: 79KB
MD5: 1e3a794bd7c4ab5703b0b07b2b52c6d0
SHA1: e777ec7c627c97f4539b9ca8797bea77e33c9ca4
SHA256: e94a083d8625a65b03889b5a0f41fe4c2126d044d8be3415e40a80f63c7d9600
SHA512: fcc48b6b4724f11dfb0c3b2e976f50addec5e6d46c4de8dfe14a7ef2541727d7998ad4b6f7ca9a1c969f64a5fba62d0fc4e07d1ce3f285a9994758a431baf41b
SSDEEP: 1536:Nkb3J8DaxRoomzq3bs0elJSSwwOokPZuaWvQwzfuJRAdA+7Az:NkzJVxKoVsl0Xwej7GWJRAdA+Ez
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  Processes: resource unpack001/0a937d4fe8aa6cb947b95841c490d73e452a3cafcd92645afc353006786aba76.exe
Files
- e94a083d8625a65b03889b5a0f41fe4c2126d044d8be3415e40a80f63c7d9600.zip (Password: infected)
- 0a937d4fe8aa6cb947b95841c490d73e452a3cafcd92645afc353006786aba76.exe.exe windows:5 windows x86 arch:x86
  be232aa2621354bf5dd7b405cc99198c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
netapi32
NetShareEnum
NetWkstaGetInfo
NetApiBufferFree
iphlpapi
GetAdaptersInfo
ws2_32
WSAGetLastError
ioctlsocket
htons
connect
socket
inet_addr
WSAStartup
select
closesocket
__WSAFDIsSet
WSACleanup
crypt32
CryptBinaryToStringA
gdiplus
GdipDeleteGraphics
GdipDeleteStringFormat
GdipDeleteFont
GdipCreateBitmapFromScan0
GdipSetStringFormatAlign
GdipSaveImageToFile
GdipGetImageEncodersSize
GdipGetImageGraphicsContext
GdipDeleteFontFamily
GdipCreateLineBrushFromRect
GdipCreateStringFormat
GdiplusStartup
GdipDisposeImage
GdipCloneBrush
GdipDrawString
GdipFree
GdipGetGenericFontFamilySansSerif
GdipFillRectangle
GdipCreateFont
GdipAlloc
GdipDeleteBrush
GdipCreateFontFamilyFromName
GdipGetImageEncoders
GdipSetStringFormatLineAlign
shlwapi
PathAddBackslashW
PathFindExtensionW
PathRemoveExtensionA
PathRemoveFileSpecW
PathRemoveBackslashW
StrFormatByteSize64A
mpr
WNetAddConnection2W
WNetOpenEnumW
WNetEnumResourceW
WNetGetConnectionW
WNetCloseEnum
ntdll
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlDeleteCriticalSection
RtlInitializeCriticalSection
NtSetInformationThread
RtlCreateUserThread
NtAdjustPrivilegesToken
NtOpenProcessToken
NtQueryInformationToken
VerSetConditionMask
RtlGetAce
NtOpenProcess
RtlQueryInformationAcl
RtlAllocateAndInitializeSid
RtlAddAce
RtlLengthSid
RtlAdjustPrivilege
RtlFreeSid
RtlAddAccessDeniedAce
RtlCreateAcl
NtSetInformationFile
RtlDosPathNameToNtPathName_U
RtlInterlockedPushEntrySList
RtlInitializeSListHead
RtlInterlockedPopEntrySList
RtlInterlockedFlushSList
RtlInitUnicodeString
NtAllocateVirtualMemory
LdrEnumerateLoadedModules
RtlAcquirePebLock
RtlReleasePebLock
msvcrt
srand
malloc
free
rand
calloc
kernel32
CreateFileW
GetFileAttributesW
GetDiskFreeSpaceExW
FindClose
WaitForMultipleObjects
GetWindowsDirectoryW
CreateIoCompletionPort
GetQueuedCompletionStatus
GetFileSizeEx
ReadFile
CreateProcessW
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
FindVolumeClose
SetVolumeMountPointW
FindNextFileW
FindFirstFileExW
GetLogicalDrives
AllocConsole
GetConsoleWindow
GetProcAddress
FindFirstVolumeW
QueryDosDeviceW
WaitForSingleObject
CreateProcessA
lstrcmpiA
GetCurrentProcessId
MoveFileExW
Process32Next
CreateToolhelp32Snapshot
OpenProcess
TerminateProcess
Process32First
GetComputerNameA
VerifyVersionInfoW
GetSystemInfo
GetVersionExA
LoadLibraryA
OpenMutexA
CreateMutexA
GetTickCount
GetTempFileNameW
GetTempPathW
GetDriveTypeW
lstrcmpiW
ExitProcess
CreateThread
CloseHandle
DeleteFileW
GetLocalTime
SetConsoleCtrlHandler
SetConsoleTextAttribute
SetConsoleTitleA
WriteFile
SetConsoleMode
SetProcessShutdownParameters
SetThreadUILanguage
ExitThread
GetModuleHandleA
Sleep
GetConsoleMode
SetFileAttributesW
user32
DispatchMessageA
IsWindowVisible
DeleteMenu
wsprintfA
ShowWindow
SetWindowLongA
GetMessageA
GetWindowLongA
RegisterHotKey
RegisterClassA
DefWindowProcA
FlashWindow
CreateWindowExA
SetLayeredWindowAttributes
TranslateMessage
wsprintfW
EnableMenuItem
SetForegroundWindow
CharUpperA
GetSystemMenu
GetMessageW
SystemParametersInfoW
wvsprintfA
GetSystemMetrics
CharLowerBuffW
PeekMessageW
advapi32
OpenSCManagerA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
SetThreadToken
RegOpenKeyA
CryptReleaseContext
EqualSid
AllocateAndInitializeSid
OpenProcessToken
FreeSid
CreateProcessAsUserW
DuplicateToken
DuplicateTokenEx
GetTokenInformation
SetSecurityInfo
GetSecurityInfo
EnumDependentServicesA
CloseServiceHandle
InitializeSecurityDescriptor
CheckTokenMembership
RegSetValueExA
ControlService
RegSetValueExW
RegDeleteValueW
QueryServiceStatusEx
RegQueryValueExW
OpenServiceA
SetFileSecurityW
CryptAcquireContextW
SetSecurityDescriptorOwner
CryptGenRandom
LookupPrivilegeValueA
CreateWellKnownSid
shell32
CommandLineToArgvW
SHEmptyRecycleBinW
ShellExecuteExA
ShellExecuteExW
ole32
CoGetObject
CoUninitialize
CoInitializeEx
Sections
.text Size: 123KB - Virtual size: 123KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE