C:\vifawuwanocah97\remikagic sexenubo.pdb
Static task
static1
Behavioral task
behavioral1
Sample
4ba5c87a94c9929e51c3c8c09b45d8a70fda5e1518691c979b770d64bec3cf4d.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
4ba5c87a94c9929e51c3c8c09b45d8a70fda5e1518691c979b770d64bec3cf4d.exe
Resource
win10v2004-20240412-en
General
-
Target
f49f0bbf8825d92afd6374c9ef72535908acf210b12d95e896f055be9d7d8d91
-
Size
163KB
-
MD5
048ab0ed5c1c8013e919ce6e0aa65c1c
-
SHA1
2efc5143642581d0ba32cb9d755f6726f75b85cf
-
SHA256
f49f0bbf8825d92afd6374c9ef72535908acf210b12d95e896f055be9d7d8d91
-
SHA512
7365f4f940bdd982ea01463665046c398de379fe561fb028894558c130415fc560ae0e82760924066ee6ad051e92e1697319ed72d323e940f0e733db70577a24
-
SSDEEP
3072:7gASzXtjewizixwWai2IHN54WhuYuHU44vSqLjEnVTza+rVKQ8AeLtJd:ChVizywWnlt/hu1U446qHEngyVKzAil
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/4ba5c87a94c9929e51c3c8c09b45d8a70fda5e1518691c979b770d64bec3cf4d.exe
Files
-
f49f0bbf8825d92afd6374c9ef72535908acf210b12d95e896f055be9d7d8d91.zip
Password: infected
-
4ba5c87a94c9929e51c3c8c09b45d8a70fda5e1518691c979b770d64bec3cf4d.exe.exe windows:5 windows x86 arch:x86
eece28fa725ed1cdfebc98e3f9f15000
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetComputerNameA
HeapReAlloc
GetDriveTypeW
GetConsoleAliasExesLengthA
MapUserPhysicalPages
InterlockedIncrement
GetConsoleAliasA
InterlockedCompareExchange
SetComputerNameW
AddConsoleAliasW
GetTickCount
GetConsoleTitleA
ReadConsoleW
GetConsoleAliasExesW
CreateDirectoryExW
GlobalAlloc
GlobalFindAtomA
GetLocaleInfoW
GetVolumePathNameA
GetStdHandle
GetLastError
SetLastError
GetProcAddress
VirtualAlloc
BackupWrite
RemoveDirectoryA
SetFileApisToOEM
LoadLibraryA
FindFirstVolumeMountPointW
GetNumberFormatW
QueryDosDeviceW
FindNextChangeNotification
GetModuleHandleA
QueryMemoryResourceNotification
GetFileAttributesExW
GetCurrentProcessId
GetVolumeInformationW
CloseHandle
CreateFileA
HeapSize
FlushFileBuffers
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
SetHandleCount
GetFileType
DeleteCriticalSection
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RaiseException
HeapAlloc
InitializeCriticalSectionAndSpinCount
SetStdHandle
RtlUnwind
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
user32
CharUpperBuffA
DestroyAcceleratorTable
CharUpperBuffW
shell32
FindExecutableA
winhttp
WinHttpReadData
Sections
.text Size: 150KB - Virtual size: 149KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 41.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 82KB - Virtual size: 82KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ