C:\jayavejay_nohiti.pdb
Static task
static1
Behavioral task
behavioral1
Sample
a8905ed9ed1f5b9d74cee3da53ebc0a21af8cbcbf86504ac52f4234cc54c60e1.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a8905ed9ed1f5b9d74cee3da53ebc0a21af8cbcbf86504ac52f4234cc54c60e1.exe
Resource
win10v2004-20240412-en
General
-
Target
0d60f1b8aec8c0e0b5b9304fb6d7af7580802f65e3b9e0de043faa54240e8dac
-
Size
152KB
-
MD5
0b1324bf98988b0fdba9a7d3fdd4c06a
-
SHA1
9ad3caf475e25661140cf49bcd6aa3d41a5db6b6
-
SHA256
0d60f1b8aec8c0e0b5b9304fb6d7af7580802f65e3b9e0de043faa54240e8dac
-
SHA512
4ef4e9459e56f6ef6e54bfba902cf5e04adedb3a1c42151b9ba9a9fdbfc439ff2d525b76176a68e94202ca39723fffea2c587045566e1495d25669e7223e42fb
-
SSDEEP
3072:U+6h6aLyDVpsdk7XBEfQtHFRhjlSdbPT0E45VuG9fNM:U+6h6RDzsiBEItljl4bwEirS
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/a8905ed9ed1f5b9d74cee3da53ebc0a21af8cbcbf86504ac52f4234cc54c60e1.exe
Files
-
0d60f1b8aec8c0e0b5b9304fb6d7af7580802f65e3b9e0de043faa54240e8dac.zip
Password: infected
-
a8905ed9ed1f5b9d74cee3da53ebc0a21af8cbcbf86504ac52f4234cc54c60e1.exe.exe windows:5 windows x86 arch:x86
090041695468dcbe4eb2f63f21330c94
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GlobalSize
CreateJobObjectW
CreateHardLinkA
GetTickCount
GetCommConfig
GlobalFindAtomA
LoadLibraryW
SetConsoleMode
EnumResourceLanguagesA
SetComputerNameExW
FlushInstructionCache
InterlockedExchange
GetLastError
SetLastError
BackupRead
GetProcAddress
VirtualAlloc
SetComputerNameA
WriteConsoleA
GetConsoleAliasA
LocalAlloc
TransmitCommChar
RemoveDirectoryW
QueryDosDeviceW
AddAtomA
SetSystemTime
FindFirstVolumeMountPointA
GetThreadPriority
GetModuleHandleA
GetStringTypeW
GetCurrentProcessId
ResetWriteWatch
SetFileAttributesW
DeleteFileA
lstrcpyA
GetConsoleAliasesLengthW
FindFirstChangeNotificationW
WriteConsoleOutputCharacterW
InterlockedExchangeAdd
GetComputerNameA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
HeapFree
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
HeapReAlloc
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetLocaleInfoA
HeapSize
RaiseException
user32
CharLowerBuffW
gdi32
GetCharABCWidthsFloatA
SetColorAdjustment
advapi32
AreAnyAccessesGranted
Sections
.text Size: 115KB - Virtual size: 115KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 108KB - Virtual size: 107KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ