Static task
static1
Behavioral task
behavioral1
Sample
ddbc4908272a1d0f339b58627a6795a7daff257470741474cc9203b9a9a56cd6.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
ddbc4908272a1d0f339b58627a6795a7daff257470741474cc9203b9a9a56cd6.exe
Resource
win10v2004-20240419-en
General
-
Target
ddbc4908272a1d0f339b58627a6795a7daff257470741474cc9203b9a9a56cd6.zip
-
Size
15KB
-
MD5
8339423b4c3fc3443ffc4289fc8de08e
-
SHA1
cbc241b285d7eb5e816e7cf4901f94c36d047929
-
SHA256
6ee15a1416677e66cb9056fe3398a4bf8b2fab1d0d80bceceda2a14ef79e77bd
-
SHA512
c19b9107e68e39fa76079283820864779ea71ef42f06f85cc869c7bb61a5ad618eacb0f2cb5f9cececf6d908d998a3d68bbe1427aa4b53cf8b923a622e268bd0
-
SSDEEP
384:YrQyVe+JlrhZ2vlvlpz21k61fSu/nOibS1pblGB6mF:YrQge+zdctL2B1fS2Oibwy6mF
Malware Config
Signatures
-
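Unsigned PE (1 IoC)
Checks for missing Authenticode signature. This is the only signature listed in this section; a missing signature is a weak indicator on its own, since many legitimate binaries are also unsigned.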
resource unpack001/ddbc4908272a1d0f339b58627a6795a7daff257470741474cc9203b9a9a56cd6.exe
Files
-
ddbc4908272a1d0f339b58627a6795a7daff257470741474cc9203b9a9a56cd6.zip .zip
Password: infected
-
ddbc4908272a1d0f339b58627a6795a7daff257470741474cc9203b9a9a56cd6.exe .exe windows:5 windows x86 arch:x86
Password: infected
795ac0c8980e7eada30923a008ec96ec
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
wininet
DeleteUrlCacheEntryW
msvcr90
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
__setusermatherr
_unlock
__dllonexit
_configthreadlocale
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
srand
mbstowcs
rand
strlen
?terminate@@YAXXZ
_lock
kernel32
IsDebuggerPresent
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
Sleep
LoadLibraryA
GetProcAddress
GetTickCount
FreeLibrary
UnhandledExceptionFilter
GetCurrentProcess
user32
wsprintfW
MessageBoxA
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 908B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 49KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 610B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ