Static task
static1
Behavioral task
behavioral1
Sample
9e3abe1e978219dd4626dbf41f691a29eff7f0aa995eca5b245fbd9d06fe0ba2.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
9e3abe1e978219dd4626dbf41f691a29eff7f0aa995eca5b245fbd9d06fe0ba2.exe
Resource
win10v2004-20240508-en
General
Target
9e3abe1e978219dd4626dbf41f691a29eff7f0aa995eca5b245fbd9d06fe0ba2
Size
68KB
MD5
f894a0a88d75702aa9245b24d888547b
SHA1
8a186759207be99df3ebd8f778d10ad4770c901a
SHA256
9e3abe1e978219dd4626dbf41f691a29eff7f0aa995eca5b245fbd9d06fe0ba2
SHA512
b18764282ee1a9a4219b158bdb983e47379da3532d6eda03de6d264851336cd721a8908b94527b0091f6f5a0ffa6eb1e613ad2207b8172373acbc363fe7df525
SSDEEP
1536:dB8GgPtAELj0OK6QYKKpsTwbRXNRu1q9xzGC1tj:dB8GgP56KcowqyC
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 9e3abe1e978219dd4626dbf41f691a29eff7f0aa995eca5b245fbd9d06fe0ba2
Files
9e3abe1e978219dd4626dbf41f691a29eff7f0aa995eca5b245fbd9d06fe0ba2.exe windows:4 windows x86 arch:x86
11ec931bb8880c04aef9be47c0d96949
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
Sleep
CloseHandle
CreateProcessW
GetLastError
GetProcAddress
LoadLibraryA
ExitProcess
FindResourceW
LoadResource
SizeofResource
LockResource
wsock32
htons
bind
listen
gethostbyname
accept
WSAStartup
connect
shutdown
closesocket
recv
send
socket
rasapi32
RasSetEntryPropertiesW
RasEnumDevicesW
RasGetEntryDialParamsW
RasDialW
advapi32
CloseServiceHandle
OpenServiceW
CreateServiceW
OpenSCManagerW
StartServiceW
Sections
.text Size: 52KB - Virtual size: 50KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ