e:\dev\vircs_muluwu\release\cssrs.pdb
Static task
static1
Behavioral task
behavioral1
Sample
d5baf9595f8e095b6372a57182cd03d72beffc3e082a8196bc68ee6dde596e41.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
d5baf9595f8e095b6372a57182cd03d72beffc3e082a8196bc68ee6dde596e41.exe
Resource
win10v2004-20240508-en
General
-
Target
d5dfac778c6191cfc76e4212c2757618.bin
-
Size
45KB
-
MD5
f4e4b049400e10d817fad2823e981aa8
-
SHA1
b7daeb858f93fcb4c1aabd75c5418209e2d61548
-
SHA256
f964a6e0753aa435aa0751c87820e331ad1fb15ac0a5c304e64418df7f25f647
-
SHA512
42021c7f6fbe71341a811e8c6fa364dfd07dc9c2307b1574f03f3f015e0738c1f810b82c163edeaf0c2ba0fd02e0f934808a0e471ee3a6c972d43693906ab7c7
-
SSDEEP
768:a6VnZLuOmEHJrFaFgu9g54gn2yYjZECqO9SqAJkacrcHOgOhT9hQ/HD+pYD9sly0:XVZLuOmCrE3UGlq4SGacrcHVOhT9K+2q
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/d5baf9595f8e095b6372a57182cd03d72beffc3e082a8196bc68ee6dde596e41.exe
Files
-
d5dfac778c6191cfc76e4212c2757618.bin.zip
Password: infected
-
d5baf9595f8e095b6372a57182cd03d72beffc3e082a8196bc68ee6dde596e41.exe.exe windows:5 windows x86 arch:x86
Password: infected
a25963f62b16bf426dcd489d51179deb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
advapi32
RegQueryValueExW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
psapi
EnumProcesses
EnumProcessModules
GetModuleBaseNameW
shell32
SHFileOperationW
ShellExecuteW
SHGetFolderPathW
shlwapi
StrCatW
StrCpyW
StrCmpW
PathFileExistsW
user32
CreateWindowExW
RegisterDeviceNotificationW
DispatchMessageW
PostQuitMessage
LoadIconW
RegisterClassExW
LoadAcceleratorsW
TranslateMessage
wsprintfW
BeginPaint
LoadCursorW
GetMessageW
TranslateAcceleratorW
EndPaint
SendMessageW
DefWindowProcW
kernel32
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
HeapSize
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
SetFilePointer
RtlUnwind
HeapReAlloc
VirtualAlloc
GetModuleFileNameW
GetFileSize
GetDriveTypeW
CreateProcessW
OpenProcess
CopyFileW
CreateFileW
lstrlenW
GetLastError
CloseHandle
SetFileAttributesW
CreateMutexW
WaitForSingleObject
Sleep
ReleaseMutex
FindFirstFileW
CreateDirectoryW
FindNextFileW
GetStartupInfoW
ExitThread
ResumeThread
CreateThread
SetUnhandledExceptionFilter
GetModuleHandleW
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
Sections
.text Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 4KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.cleaned Size: 57KB - Virtual size: 57KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 127KB - Virtual size: 128KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
qpamyrr Size: 4KB - Virtual size: 72KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE