Static task
static1
Behavioral task
behavioral1
Sample
0d4afd2cfed2d28a10ab663aa0c51f4b60d587b49020893490c5db7cbc9d0a4d.exe
Resource
win7-20240508-en
General
-
Target
fa7383138b89d723bf99d6b40e9758ae.bin
-
Size
230KB
-
MD5
1e64c7b82541cffdf3c07e2c31f7cda0
-
SHA1
110d75ed58d9dec190a052c727d857931c062bbe
-
SHA256
30f369545192f89f2be9e17a9c9335e6d9725104253a8f2e5dbe2a00c36ab589
-
SHA512
282da4e10053f9aea93ccd71f6e774173aa9d258fdd1cb6e7725bb56ddac005ef1cd320e3bbe49ccbb5eebde67384c1169ff2ea5f0a4464a907ddb619cc82ef2
-
SSDEEP
6144:7dc+KMFFNL3o6lB2anQDeRwqT+nU/fZh5Ogzlh9EzyoYW:7d4MFvLL2dDeR0GZhlREQW
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/0d4afd2cfed2d28a10ab663aa0c51f4b60d587b49020893490c5db7cbc9d0a4d.exe
Files
-
fa7383138b89d723bf99d6b40e9758ae.bin.zip
Password: infected
-
0d4afd2cfed2d28a10ab663aa0c51f4b60d587b49020893490c5db7cbc9d0a4d.exe.exe windows:5 windows x86 arch:x86
Password: infected
e2211dd993c9459fb7efc8776b8ed688
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetComputerNameW
GetTickCount
GetWindowsDirectoryA
GetUserDefaultLangID
TlsSetValue
GlobalAlloc
LoadLibraryW
AssignProcessToJobObject
lstrcatA
GetACP
IsBadStringPtrA
GetLastError
SetLastError
GetProcAddress
SetComputerNameA
BuildCommDCBW
GetDiskFreeSpaceW
LoadLibraryA
InterlockedExchangeAdd
FoldStringW
FoldStringA
GetModuleFileNameA
FindFirstVolumeMountPointA
LoadLibraryExA
OutputDebugStringA
WriteProcessMemory
HeapFree
EncodePointer
DecodePointer
HeapReAlloc
GetCommandLineW
HeapSetInformation
GetStartupInfoW
GetModuleHandleW
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
HeapAlloc
HeapCreate
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
Sleep
HeapSize
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsAlloc
TlsGetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteConsoleW
MultiByteToWideChar
SetFilePointer
SetStdHandle
RtlUnwind
GetCPInfo
GetOEMCP
IsValidCodePage
IsProcessorFeaturePresent
CreateFileW
CloseHandle
GetStringTypeW
LCMapStringW
Sections
.text Size: 29KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 150KB - Virtual size: 207KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 178KB - Virtual size: 177KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ