Behavioral task
behavioral1
Sample
a35b261ae3eb70b6a3fc3c87768006e11559b4dba08d92a8baf2ff651fb8a189.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a35b261ae3eb70b6a3fc3c87768006e11559b4dba08d92a8baf2ff651fb8a189.exe
Resource
win10v2004-20240508-en
General
-
Target
a35b261ae3eb70b6a3fc3c87768006e11559b4dba08d92a8baf2ff651fb8a189
-
Size
10.1MB
-
MD5
18d4459e819f8410bfad034da7a967c9
-
SHA1
741d9f39af4b1f15e47acad148d2093fe9f716b0
-
SHA256
a35b261ae3eb70b6a3fc3c87768006e11559b4dba08d92a8baf2ff651fb8a189
-
SHA512
949c8f87395c72121f4c2f6b1523b203d5c84ae082986641baaf48527c03ef57511c45d0ed28075a7b42910f9e32e24a38681ef12e20cb67af7c90aeafba401b
-
SSDEEP
196608:GzAR5wlovRZ8LwiQwwH3ZuczsJQaIrExSzpaJJEnxX1gVcKQOnzPSWhA:aARIR5wXXQt0paJOnjGJdWAA
Malware Config
Signatures
-
Processes:
resource: sample — yara_rule: vmprotect (VMProtect packer rule matched on the sample; consistent with the .vmp0/.vmp1/.vmp2 sections listed under Sections below)
Unsigned PE 1 IoCs
The PE carries no Authenticode signature (unsigned binary).
Processes:
resource: a35b261ae3eb70b6a3fc3c87768006e11559b4dba08d92a8baf2ff651fb8a189 (the sample itself)
Files
-
a35b261ae3eb70b6a3fc3c87768006e11559b4dba08d92a8baf2ff651fb8a189.exe windows:5 windows x64 arch:x64
628855022f48c88ab017733b66dc8821
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
GetVersionExA
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress
oleaut32
SysAllocStringLen
user32
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW
advapi32
LookupAccountSidA
gdi32
CreateFontIndirectA
version
GetFileVersionInfoSizeA
shell32
DragQueryFileA
opengl32
wglUseFontBitmapsA
ole32
CoCreateGuid
comctl32
InitCommonControls
shlwapi
AssocQueryStringW
comdlg32
ChooseColorA
ntdll
ZwCreateSection
ws2_32
__WSAFDIsSet
wsock32
closesocket
imagehlp
StackWalk64
uxtheme
OpenThemeData
psapi
GetMappedFileNameA
hhctrl.ocx
HtmlHelpA
imm32
ImmGetContext
lua53-64
lua_close
wininet
InternetOpenA
wtsapi32
WTSSendMessageW
Sections
.text Size: - Virtual size: 7.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 620KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: - Virtual size: 5.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.pdata Size: - Virtual size: 402KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 204KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 744KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gnu_deb Size: - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.vmp1 Size: - Virtual size: 3.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp2 Size: 10.0MB - Virtual size: 10.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 161KB - Virtual size: 161KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ