Static task
static1
General
Target: App_02029.exe
Size: 26.2MB
MD5: 14b077b36efb5ce8578fc96c0628a661
SHA1: 345482af025e551d93a23c1d9e67ed8a28795460
SHA256: 8873ed6c639f8bbc81d796e52aee56fe313f9115a0d0e44c819dc8f62ebc1216
SHA512: a22c15d78d31e542a710fb3caf3b7ca0971178ba9efc6a501b205d268f52fb92d6e5db38a329bb00c343297cd913f791761cfc9625620132c2ed8250ee63a303
SSDEEP: 786432:0q4slk73aoPOObePkcDzV9W8k4jLmCqilqOvEVCip88rU:JkY9W8/LmCqgIVC688rU
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource App_02029.exe
Files
App_02029.exe.exe windows:6 windows x86 arch:x86
56e27e593045b4f6f67b30951b73ea07
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetModuleHandleW
RemoveDirectoryW
SetEvent
FormatMessageW
GetSystemInfo
Sleep
UnhandledExceptionFilter
GetEnvironmentVariableA
WaitForSingleObject
FreeLibrary
GetFileAttributesW
IsValidLocale
GetFileInformationByHandle
CreateSemaphoreW
ExitProcess
DeleteFileW
GetVersionExW
GetProcessHeap
ReleaseSRWLockExclusive
GetModuleHandleA
InterlockedPushEntrySList
GetFileAttributesExW
MoveFileExW
GetSystemDirectoryW
LCMapStringW
FileTimeToSystemTime
GlobalFree
DeleteTimerQueueTimer
VirtualFree
GetCommandLineW
LoadLibraryExW
GetCommandLineA
GetCurrentThread
VerifyVersionInfoW
GetThreadPriority
SetFileAttributesW
AcquireSRWLockExclusive
RtlUnwind
InitializeSListHead
RegisterWaitForSingleObject
SetEndOfFile
SleepEx
GetProcessAffinityMask
InitializeCriticalSectionEx
VerSetConditionMask
MoveFileW
GetDriveTypeW
SetThreadAffinityMask
HeapAlloc
ResetEvent
DecodePointer
GetProcAddress
CreateDirectoryW
GetFullPathNameW
lstrcatA
GetStdHandle
GetUserDefaultLCID
UnregisterWait
ReleaseSemaphore
InterlockedPopEntrySList
CreateTimerQueueTimer
GlobalMemoryStatus
SwitchToThread
GetCurrentThreadId
QueryPerformanceCounter
HeapReAlloc
EnterCriticalSection
ReadFile
LocalFree
GetLogicalDriveStringsW
GetTimeFormatW
GetLogicalProcessorInformation
FlushFileBuffers
MultiByteToWideChar
TlsSetValue
EncodePointer
GetACP
GetModuleHandleExW
CreateEventW
SetEnvironmentVariableW
SetPriorityClass
TerminateProcess
CreateTimerQueue
WriteFile
TryEnterCriticalSection
GetConsoleMode
GetTickCount
GetNumaHighestNodeNumber
FindClose
ChangeTimerQueueTimer
GetVersion
lstrlenA
ExitThread
VirtualProtect
FindFirstFileExW
GetStartupInfoW
GetFileSizeEx
GetTimeZoneInformation
IsProcessorFeaturePresent
IsValidCodePage
FreeLibraryAndExitThread
GetLocaleInfoW
HeapSize
SetUnhandledExceptionFilter
GetCPInfo
GetCurrentProcess
IsDebuggerPresent
TlsFree
PeekNamedPipe
QueryDepthSList
FindFirstFileW
GetModuleFileNameW
DuplicateHandle
GetDateFormatW
WriteConsoleW
WaitForSingleObjectEx
WideCharToMultiByte
InitializeCriticalSection
TlsAlloc
GetCurrentDirectoryW
GlobalAlloc
SetLastError
SystemTimeToTzSpecificLocalTime
GetConsoleOutputCP
CompareFileTime
GetCurrentProcessId
QueryPerformanceFrequency
FileTimeToLocalFileTime
EnumSystemLocalesW
VirtualAlloc
CreateThread
GlobalUnlock
TlsGetValue
SetThreadPriority
CloseHandle
GetStringTypeW
CompareStringW
FreeEnvironmentStringsW
SetFileTime
GetOEMCP
GetEnvironmentStringsW
LoadLibraryW
RaiseException
GetTickCount64
GetThreadTimes
InitializeCriticalSectionAndSpinCount
UnregisterWaitEx
SignalObjectAndWait
SetFilePointer
GetSystemTimeAsFileTime
GlobalLock
SetStdHandle
DeleteCriticalSection
HeapFree
WaitForMultipleObjects
ReadConsoleW
FindNextFileW
GetFileType
SetFilePointerEx
GetLastError
CreateFileW
LeaveCriticalSection
GetFileSize
InterlockedFlushSList
user32
MessageBoxA
SetDlgItemTextW
wsprintfA
InvalidateRect
SetWindowTextW
GetWindowTextLengthW
ScreenToClient
GetWindowLongW
LoadIconW
MoveWindow
OpenClipboard
GetFocus
SetTimer
LoadStringW
KillTimer
SetFocus
MessageBoxW
EnableWindow
IsDlgButtonChecked
GetParent
MapDialogRect
GetMonitorInfoA
LoadCursorW
SendMessageW
SystemParametersInfoW
GetKeyState
CloseClipboard
GetDlgItem
SetCursor
GetWindowTextW
EndDialog
MonitorFromWindow
GetWindowRect
SetWindowLongW
CharUpperW
DialogBoxParamW
SetClipboardData
EmptyClipboard
CheckDlgButton
PostMessageW
ShowWindow
advapi32
CryptEncrypt
CryptReleaseContext
CryptAcquireContextW
CryptHashData
CloseServiceHandle
CryptDestroyKey
CryptDestroyHash
CryptGetHashParam
CryptImportKey
CryptCreateHash
shell32
SHBrowseForFolderW
SHGetSpecialFolderPathW
SHGetFileInfoW
SHGetPathFromIDListW
ole32
CoInitialize
CoCreateInstance
CoTaskMemFree
OleInitialize
CoUninitialize
oleaut32
SysAllocString
SysFreeString
VariantClear
SysAllocStringLen
SysStringLen
bcrypt
BCryptGenRandom
crypt32
CertGetCertificateChain
CertFreeCertificateChain
CertAddCertificateContextToStore
CertFreeCertificateChainEngine
CertCloseStore
CertFindExtension
CertCreateCertificateChainEngine
CertOpenStore
CryptDecodeObjectEx
CryptQueryObject
CertFindCertificateInStore
CertGetNameStringW
CertEnumCertificatesInStore
CryptStringToBinaryW
PFXImportCertStore
CertFreeCertificateContext
wldap32
ord73
ord301
ord147
ord133
ord79
ord142
ord167
ord127
ord145
ord219
ord46
ord14
ord216
ord208
ord41
ord117
ord26
ord27
ws2_32
recvfrom
sendto
getpeername
ioctlsocket
gethostname
WSAEventSelect
WSACreateEvent
getsockopt
send
getaddrinfo
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
socket
WSAIoctl
freeaddrinfo
closesocket
WSAGetLastError
ntohs
WSASetLastError
WSAStartup
WSACleanup
htons
setsockopt
WSAResetEvent
__WSAFDIsSet
select
accept
bind
connect
getsockname
htonl
listen
recv
WSACloseEvent
Sections
.text Size: 6.7MB - Virtual size: 6.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 277KB - Virtual size: 276KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 97KB - Virtual size: 96KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ