Static task
static1
Behavioral task
behavioral1
Sample
1749c2de6125b6a38e42dd557b64b2d07abec025eb50f23743394136f655cf35.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
1749c2de6125b6a38e42dd557b64b2d07abec025eb50f23743394136f655cf35.exe
Resource
win10v2004-20240412-en
General
-
Target
ba157977a0314511d9e5331f56c43a3b6c691f8198cec4fca4164d1e32dc1014
-
Size
128KB
-
MD5
03bf6a4081c94a60a24e6cbdafb3d392
-
SHA1
3dda80fa09abebd949ee25d3f0fea49c26b6c674
-
SHA256
ba157977a0314511d9e5331f56c43a3b6c691f8198cec4fca4164d1e32dc1014
-
SHA512
b35908500b435018d95d7cb7fe2d60d18d86bbdd1a6b6b6237d153efdb9c97fa38608e7ecd3dd4cc3036408cb64fd71b5fefbe8287917ee5caf597fdbe2e41c8
-
SSDEEP
3072:67LXjO2x1qC5bqLqcdjk6flYrqV/Azqm+pDA3BxgOyfder:6vS2xwOYk6fiWyu/DARXlr
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/1749c2de6125b6a38e42dd557b64b2d07abec025eb50f23743394136f655cf35.exe
Files
-
ba157977a0314511d9e5331f56c43a3b6c691f8198cec4fca4164d1e32dc1014.zip
Password: infected
-
1749c2de6125b6a38e42dd557b64b2d07abec025eb50f23743394136f655cf35.exe.exe windows:5 windows x86 arch:x86
628b5625e44ec4d4a2ba4078ce3026c9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LocalUnlock
OpenFile
TryEnterCriticalSection
CopyFileExW
SetEndOfFile
CreateJobObjectW
HeapFree
FreeEnvironmentStringsA
GetWindowsDirectoryA
GetCompressedFileSizeW
GetConsoleCP
GlobalAlloc
IsProcessInJob
DnsHostnameToComputerNameW
GetAtomNameW
GetModuleFileNameW
GetTimeZoneInformation
CompareStringW
SetConsoleTitleA
VirtualUnlock
GetLastError
GetLongPathNameW
CreateNamedPipeA
EnumDateFormatsExA
SetVolumeLabelW
GetConsoleDisplayMode
SetFileAttributesA
LoadLibraryA
OpenWaitableTimerW
GlobalFindAtomW
GetModuleHandleA
lstrcatW
VirtualProtect
QueryPerformanceFrequency
CreateWaitableTimerA
LocalFree
LCMapStringW
CompareStringA
GetLocaleInfoW
WideCharToMultiByte
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
HeapAlloc
GetStartupInfoW
RaiseException
RtlUnwind
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
HeapSize
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
SetEnvironmentVariableA
user32
GetDesktopWindow
GetMonitorInfoA
Sections
.text Size: 150KB - Virtual size: 150KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 417B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gezec Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.nosehet Size: 1024B - Virtual size: 577B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 26KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ