CB_Init
Static task
static1
Behavioral task
behavioral1
Sample
6ca39838e51cf76a703c851970780fad9dbc940079bbf902a18f20329447f23f.dll
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
6ca39838e51cf76a703c851970780fad9dbc940079bbf902a18f20329447f23f.dll
Resource
win10v2004-20240426-en
General
Target: 17141111231.zip
Size: 859KB
MD5: 26df7ff69405d2d7854ae3941d3a8ffb
SHA1: 36fb44712cd48d31b588991d3b15e1ce5828a2bf
SHA256: e84208a0987b1aa7ac21615bdbc0712ad8e741b4f8a102a89c887de316d428d5
SHA512: 0adad1fbc5440dfbb8f5032fa5aa4ffd5a158bcb2b57e4ce9e40da6a240ffce0e07db859b6ea1e425dcb0ee354a44bc79cdfb8e56228b189062b4cfc5938f83d
SSDEEP: 12288:TdUTB5KhSD2f9E0BIFyaz3rbTLo79dCJjkB/qPxU4UoRBUo+arpBu7/Pos+HD+Dt:RUT0S8kRDXl54qCbojUog7IsVK1JeV
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/6ca39838e51cf76a703c851970780fad9dbc940079bbf902a18f20329447f23f
Files
-
17141111231.zip.zip
Password: infected
-
6ca39838e51cf76a703c851970780fad9dbc940079bbf902a18f20329447f23f.dll windows:6 windows x86 arch:x86
a787c3e88708d59c278652d3acb2fd74
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
msvcrt
memset
kernel32
CloseHandle
CreateProcessW
CreateRemoteThread
CreateToolhelp32Snapshot
DeleteProcThreadAttributeList
GetCurrentProcess
GetThreadContext
GlobalAlloc
GlobalFree
InitializeProcThreadAttributeList
IsWow64Process
OpenProcess
OutputDebugStringW
Process32FirstW
Process32NextW
QueryFullProcessImageNameW
ResumeThread
SetThreadContext
UpdateProcThreadAttribute
VirtualAllocEx
VirtualFreeEx
VirtualProtectEx
WaitForSingleObject
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
WriteProcessMemory
lstrcmpA
lstrcmpW
lstrcmpiW
lstrcpyW
lstrlenW
advapi32
AdjustTokenPrivileges
CloseServiceHandle
GetTokenInformation
LookupAccountSidW
LookupPrivilegeValueW
OpenProcessToken
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
shlwapi
PathFindFileNameW
Exports
Sections
.text Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 76B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.sign Size: 512B - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 320B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ