Static task: static1
Behavioral task: behavioral1
  Sample: e93ea2c9e689a35ef77e597a4cf34409f9c02dd74790716eae060304995d6289.exe
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: e93ea2c9e689a35ef77e597a4cf34409f9c02dd74790716eae060304995d6289.exe
  Resource: win10v2004-20240508-en
General
- Target: e93ea2c9e689a35ef77e597a4cf34409f9c02dd74790716eae060304995d6289.exe
- Size: 386KB
- MD5: b44a8dbe40cf3d75a23d5b991246249b
- SHA1: 78f70912abd3599935dd15d12428b41bee81e452
- SHA256: e93ea2c9e689a35ef77e597a4cf34409f9c02dd74790716eae060304995d6289
- SHA512: 9dbdd06ba87fb1478c07bf97facf69e079553393c3905afc960ea1bb5727aa59b260bd77652b3c877de518234875f6a8fb7fd82096c9049578ae143d47609251
- SSDEEP: 6144:JzYyFEqhqQK0TNhueSIfpzDx0J6Mml61EqIMiFNEnpIxI62:T1oQ1TbnRHclBIMiQpU2
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  Processes: resource e93ea2c9e689a35ef77e597a4cf34409f9c02dd74790716eae060304995d6289.exe
Files
-
e93ea2c9e689a35ef77e597a4cf34409f9c02dd74790716eae060304995d6289.exe.exe windows:4 windows x86 arch:x86
6e76923599dad58912b6a07de69fca53
Headers
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_LOCAL_SYMS_STRIPPED | IMAGE_FILE_32BIT_MACHINE
Imports
user32
MessageBoxA
LoadMenuA
SetForegroundWindow
GetClassInfoA
RegisterWindowMessageA
PostQuitMessage
SendMessageA
SetWindowsHookExA
LoadIconA
CallNextHookEx
KillTimer
GetMenuItemID
PostMessageA
CharNextA
UnhookWindowsHookEx
EnableWindow
keybd_event
TrackPopupMenu
IsWindow
SetTimer
GetSubMenu
GetCursorPos
SetMenuDefaultItem
GetKeyState
ole32
CoTaskMemAlloc
CoRevokeClassObject
CoTaskMemFree
CoRegisterClassObject
CoInitialize
CoCreateInstance
CoTaskMemRealloc
CoUninitialize
StringFromGUID2
advapi32
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExW
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegSetValueExA
RegDeleteValueA
UnlockServiceDatabase
RegEnumKeyExA
RegQueryValueExW
shlwapi
PathFindExtensionA
PathAppendA
PathAppendW
shell32
RegenerateUserEnvironment
SHLoadNonloadedIconOverlayIdentifiers
ShellExecuteA
oleaut32
LoadTypeLi
RegisterTypeLi
SysFreeString
VariantInit
VariantClear
UnRegisterTypeLi
SysAllocStringLen
VarBstrCmp
VarUI4FromStr
SystemTimeToVariantTime
SysAllocString
wininet
InternetGetConnectedState
kernel32
OutputDebugStringA
LeaveCriticalSection
SizeofResource
lstrcpyA
CloseHandle
GetPrivateProfileStringW
IsDBCSLeadByte
EnterCriticalSection
lstrlenA
GetFileAttributesA
CreateDirectoryA
LoadResource
GetPrivateProfileStringA
InterlockedIncrement
GetCurrentProcessId
InitializeCriticalSection
LocalFree
GetCommandLineA
GetLastError
GetVersion
lstrcpynA
GetSystemTimeAsFileTime
GetTickCount
FindResourceA
GetProcAddress
CreateMutexA
GetThreadLocale
FreeLibrary
GetStartupInfoA
OutputDebugStringW
GetModuleFileNameW
QueryPerformanceCounter
lstrlenW
GetCurrentThreadId
lstrcatA
GetModuleHandleA
ExitProcess
LoadLibraryA
GetSystemPowerStatus
LoadLibraryExA
DeleteCriticalSection
GetACP
GetModuleFileNameA
InterlockedExchange
RaiseException
GetPrivateProfileIntA
InterlockedDecrement
GetLocaleInfoA
GetVersionExA
LocalAlloc
lstrcmpiA
ddraw
DirectDrawCreateEx
Sections
.text   Size: 72KB  - Virtual size: 72KB  - Flags: IMAGE_SCN_CNT_CODE | IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.data   Size: 59KB  - Virtual size: 58KB  - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rdata  Size: 203KB - Virtual size: 203KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_CNT_UNINITIALIZED_DATA | IMAGE_SCN_MEM_READ
.bss    Size: -     - Virtual size: 16KB  - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.idata  Size: 3KB   - Virtual size: 3KB   - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.CRT    Size: 512B  - Virtual size: 52B   - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.tls    Size: 512B  - Virtual size: 32B   - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 46KB  - Virtual size: 45KB  - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ