Static task
static1
General
-
Target
GZeawTYQPJ.exe
-
Size
23.6MB
-
MD5
f295b99203181521cd9a615c237f8717
-
SHA1
355cf36198b803d95a580b21f742622ed75a2954
-
SHA256
04f5f05964af9aac8733e2fc1493d898107eb0e347e7fd9a4275fabdd2ff0750
-
SHA512
a0dee8690354b99e03e860221ade313cb62df179ee37e178cd30f848975a042404332d1faa6db927cb98577fc2cb392252c53629d79d7b25791ad8a87ec1eb9e
-
SSDEEP
393216:rhUmN+aQQbwQiDHn+Z7Ii1j8pRwbz1OvczhaeUZLLG8lb3S7HnAq7aOm:r1kH+iidZO0ecrHAq7Nm
Malware Config
Signatures
-
Unsigned PE 1 IoCs
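Checks for a missing Authenticode signature: the PE carries no signature, so its publisher and integrity cannot be verified that way. An unsigned binary is a weak signal on its own and should be weighed together with the other static findings.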
resource GZeawTYQPJ.exe
Files
-
GZeawTYQPJ.exe.exe windows:6 windows x64 arch:x64
f0a67e2f7eaa9d3809b5f8ca0899ff46
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
TerminateThread
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
MessageBoxA
advapi32
CryptDestroyHash
shell32
ShellExecuteA
msvcp140
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
normaliz
IdnToAscii
wldap32
ord143
crypt32
CertFreeCertificateChainEngine
ws2_32
closesocket
shlwapi
PathFindFileNameW
rpcrt4
UuidCreate
psapi
GetModuleInformation
ntdll
RtlCaptureContext
userenv
UnloadUserProfile
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__current_exception_context
api-ms-win-crt-runtime-l1-1-0
_initterm
api-ms-win-crt-stdio-l1-1-0
fputs
api-ms-win-crt-heap-l1-1-0
_callnewh
api-ms-win-crt-convert-l1-1-0
atoi
api-ms-win-crt-time-l1-1-0
strftime
api-ms-win-crt-filesystem-l1-1-0
_access
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-string-l1-1-0
strcmp
api-ms-win-crt-utility-l1-1-0
rand
api-ms-win-crt-math-l1-1-0
_dclass
Sections
.text Size: - Virtual size: 471KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 110KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.___0 Size: - Virtual size: 14.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.___1 Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.___2 Size: 23.6MB - Virtual size: 23.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 292B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ