Static task: static1
Behavioral task: behavioral1
Sample: 1a1184357683c518992d0ca26a904e98ad1955acee5c6c5386108875a013c972.exe
Resource: win7-20240221-en
General
Target: 1a1184357683c518992d0ca26a904e98ad1955acee5c6c5386108875a013c972
Size: 24KB
MD5: d9d8f0e3622183a0d2051cf3afb3d0a2
SHA1: e8a209ae9878e978232328420cdd72d7e14476d8
SHA256: 1a1184357683c518992d0ca26a904e98ad1955acee5c6c5386108875a013c972
SHA512: 18eecf31534422f242e217c960323e68a572e4ce21e210c0ddfaff2345ee4e242c1e1043f2b63a15d9be7006383ea75a5c0cb28481b94962b9c84207a70b5003
SSDEEP: 384:ix1E2hj4EOQ+Xc4KnA1SJAQrOZCreeeeeeeeWeeeee9MMqGrmpGPdCzI:irEbvM7nAcreeeeeeeeWeeeeejPdCzI
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 1a1184357683c518992d0ca26a904e98ad1955acee5c6c5386108875a013c972
Files
1a1184357683c518992d0ca26a904e98ad1955acee5c6c5386108875a013c972.exe windows:5 windows x86 arch:x86
ba03a823eece07bb2188e5d52fa18a70
Headers
DLL Characteristics
  IMAGE_DLLCHARACTERISTICS_NX_COMPAT
  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
  IMAGE_FILE_RELOCS_STRIPPED
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
  PathFileExistsW
  StrCmpNW
ntdll
  _chkstk
  RtlUnwind
  NtQueryVirtualMemory
  wcsstr
kernel32
  CreateThread
  ExpandEnvironmentStringsW
  CreateMutexA
  GetLastError
  ExitProcess
  lstrcpyW
  DeleteFileW
  FindNextFileW
  QueryDosDeviceW
  FindClose
  lstrcmpW
  GetModuleFileNameW
  GetLogicalDrives
  GetDriveTypeW
  Sleep
  ExitThread
  GetFileSize
  CreateFileW
  CloseHandle
  FindFirstFileW
user32
  wsprintfW
advapi32
  RegCloseKey
  RegOpenKeyExW
  RegQueryValueExW
Sections
.text Size: 2KB - Virtual size: 2KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata Size: 7KB - Virtual size: 7KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 14KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.zero Size: 4KB - Virtual size: 3KB
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ