Static task: static1
Behavioral task: behavioral1
Sample: df2175421c791abbbe00721d185b0126fdcfa65948c5df89db284ccd4ae65d4d.exe
Resource: win7-20240611-en
General
- Target: df2175421c791abbbe00721d185b0126fdcfa65948c5df89db284ccd4ae65d4d
- Size: 534KB
- MD5: 8e8eaa9b81f664c796225ac49e9ecb71
- SHA1: 320e25a4b4918dd76582c7f7e68f3d68268b17f7
- SHA256: df2175421c791abbbe00721d185b0126fdcfa65948c5df89db284ccd4ae65d4d
- SHA512: 66529bd7faa3275856fa87e7ec5ed250b0fc694f12e5fab2d1e84aa367844d42c7a19911065c9f2985752d55addc921797c77861081f2f40b5f1a69f84d935d0
- SSDEEP: 12288:1FF+1IiVMR/La01MZa03EiYIRKoMDKd+A1Ll7e7:1FFroMROFZa03EiYILWWvll74
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for a missing Authenticode signature.
  Processes: resource df2175421c791abbbe00721d185b0126fdcfa65948c5df89db284ccd4ae65d4d
Files
-
df2175421c791abbbe00721d185b0126fdcfa65948c5df89db284ccd4ae65d4d.exe windows:5 windows x86 arch:x86
ffc2ff5a3518af511170fda4afb8650e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
(This is the only DllCharacteristics flag set. IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE and IMAGE_DLLCHARACTERISTICS_NX_COMPAT are absent, so the image does not opt in to ASLR or DEP.)
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
DeviceIoControl
RequestDeviceWakeup
GetCommProperties
SetTapePosition
CreateTapePartition
SetSystemTime
GetLocalTime
GetNativeSystemInfo
IsProcessorFeaturePresent
SetSystemTimeAdjustment
CreateMailslotW
lstrcpyA
lstrcatA
lstrlenA
lstrlenW
_lwrite
TlsFree
WaitForMultipleObjectsEx
SignalObjectAndWait
ReadFileScatter
OpenFileMappingW
GetLogicalDriveStringsA
LoadLibraryW
GetModuleHandleW
GetModuleHandleExA
FindResourceW
EnumResourceTypesW
BeginUpdateResourceA
EndUpdateResourceA
GetFileInformationByHandle
GetPrivateProfileIntW
GetPrivateProfileSectionA
WritePrivateProfileSectionA
WritePrivateProfileStructA
GetCurrentDirectoryW
RemoveDirectoryA
QueryDosDeviceW
FindFirstFileExA
SearchPathW
SetPriorityClass
SetComputerNameW
GetComputerNameExW
CreateActCtxW
IsWow64Process
EnumCalendarInfoExA
EnumDateFormatsExA
EnumSystemCodePagesW
GetNumberOfConsoleMouseButtons
SetConsoleCursorInfo
WriteConsoleA
AddConsoleAliasA
GetConsoleAliasW
GetConsoleAliasesLengthW
CreateFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetStringTypeW
SizeofResource
ReleaseMutex
ReleaseSemaphore
ResetEvent
LockResource
LeaveCriticalSection
InitializeCriticalSection
GetQueuedCompletionStatus
TerminateThread
UnhandledExceptionFilter
GetBinaryTypeA
HeapWalk
HeapFree
HeapCreate
VirtualAllocEx
VirtualQuery
GetProcAddress
GetProfileSectionA
EncodePointer
DecodePointer
RaiseException
RtlUnwind
GetCommandLineW
GetLastError
HeapAlloc
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
HeapSize
IsDebuggerPresent
SetLastError
GetCurrentThreadId
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameW
WriteFile
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
LCMapStringW
EnterCriticalSection
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
HeapReAlloc
GetConsoleCP
GetConsoleMode
SetFilePointerEx
OutputDebugStringW
CloseHandle
user32
GetUpdateRgn
TrackPopupMenu
GetMessageExtraInfo
DlgDirSelectComboBoxExW
advapi32
DeleteAce
SetServiceObjectSecurity
CloseServiceHandle
ChangeServiceConfigA
RegUnLoadKeyA
RegQueryValueExA
RegEnumKeyA
RegConnectRegistryW
GetCurrentHwProfileW
LookupPrivilegeNameA
IsValidSecurityDescriptor
AddAccessDeniedObjectAce
AddAccessAllowedAce
AreAnyAccessesGranted
ObjectPrivilegeAuditAlarmA
OpenEventLogA
NotifyChangeEventLog
Sections
.text   Size: 67KB  - Virtual size: 67KB    IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 362KB - Virtual size: 361KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 6KB   - Virtual size: 73.8MB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 91KB  - Virtual size: 91KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  Size: 5KB   - Virtual size: 5KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ

Note on .data: the section occupies 6KB on disk but 73.8MB in memory. The loader zero-fills the difference, so almost all of this writable region is empty at process start; what gets written into it at runtime (unpacked code, staged payload, or nothing at all) is the thing to check in the behavioral task.
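To make the three static findings above reproducible outside the sandbox (the Unsigned PE signature, the missing DYNAMIC_BASE/NX_COMPAT flags, and the .data raw-vs-virtual size gap), here is an added example that is not part of this report or of the sandbox's own tooling: a small Python parser for the PE headers and section table, run over a constructed, header-only PE32 image whose section sizes and flags approximate the table above (the sample itself is not embedded). The builder, the function names `build_pe32_headers`/`parse_pe`/`triage`, and the 16x / 1MB thresholds for flagging a mostly zero-filled writable section are my own assumptions; the structure offsets and flag values are the standard winnt.h layout.

```python
import struct

# Constants from winnt.h, using the names that appear in the report above.
IMAGE_DOS_SIGNATURE = 0x5A4D
IMAGE_NT_SIGNATURE = 0x00004550
IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x10B
IMAGE_NT_OPTIONAL_HDR64_MAGIC = 0x20B
IMAGE_DIRECTORY_ENTRY_SECURITY = 4          # Authenticode certificate table (file offset, size)
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
IMAGE_SCN_MEM_WRITE = 0x80000000
KB, MB = 1024, 1024 * 1024


def build_pe32_headers(sections, dll_characteristics, security_dir=(0, 0)):
    """Constructed test input (assumption, not the report's sample): DOS header, NT headers
    and section table of a PE32 file, with no section bodies.
    sections = [(name, virtual_size, raw_size, flags)]; security_dir = (offset, size) of the
    certificate table, where (0, 0) means the file carries no Authenticode signature."""
    dos = struct.pack("<H58xI", IMAGE_DOS_SIGNATURE, 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 96 + 16 * 8, 0x0102)
    opt = struct.pack(
        "<HBB9I6H4I2H6I", IMAGE_NT_OPTIONAL_HDR32_MAGIC, 14, 0,
        0, 0, 0, 0x1000, 0x1000, 0x2000, 0x400000, 0x1000, 0x200,  # sizes, entry point, bases, alignments
        5, 0, 0, 0, 5, 0,                                          # OS / image / subsystem versions
        0, 0, 0x400, 0,                                            # Win32Version, SizeOfImage, SizeOfHeaders, CheckSum
        2, dll_characteristics,                                    # Subsystem (GUI), DllCharacteristics
        0x100000, 0x1000, 0x100000, 0x1000, 0, 16)                 # stack/heap, LoaderFlags, NumberOfRvaAndSizes
    dirs = [(0, 0)] * 16
    dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = security_dir
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    table, rva, raw = b"", 0x1000, 0x400
    for name, vsize, rsize, flags in sections:
        table += struct.pack("<8s6I2HI", name.encode(), vsize, rva, rsize, raw, 0, 0, 0, 0, flags)
        rva += (vsize + 0xFFF) & ~0xFFF                            # next section on a 4KB page boundary
        raw += rsize
    return dos + struct.pack("<I", IMAGE_NT_SIGNATURE) + coff + opt + table


def parse_pe(data):
    """Walk DOS -> NT -> optional header -> section table and return the fields we triage on."""
    if struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if struct.unpack_from("<I", data, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC:
        dirs_off = opt + 96                                        # PE32: data directories start at +96
    elif magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC:
        dirs_off = opt + 112                                       # PE32+: ImageBase and stack/heap fields are 8 bytes
    else:
        raise ValueError("unknown optional header magic %#x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]        # same offset in both layouts
    ndirs = struct.unpack_from("<I", data, dirs_off - 4)[0]        # NumberOfRvaAndSizes
    sec_dir = (0, 0)
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        sec_dir = struct.unpack_from("<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections, off = [], opt + opt_size
    for _ in range(nsections):
        name, vsize, _, rsize, _, _, _, _, _, flags = struct.unpack_from("<8s6I2HI", data, off)
        sections.append({"name": name.rstrip(b"\0").decode(), "vsize": vsize, "rsize": rsize, "flags": flags})
        off += 40
    return {"machine": machine, "dll_characteristics": dll_chars,
            "security_dir": tuple(sec_dir), "sections": sections}


def triage(pe):
    """The checks behind the report's findings, as a list of strings (empty = nothing to flag)."""
    findings = []
    if pe["security_dir"][1] == 0:
        findings.append("unsigned: no Authenticode certificate table (IMAGE_DIRECTORY_ENTRY_SECURITY)")
    if not pe["dll_characteristics"] & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE:
        findings.append("no ASLR opt-in: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE not set")
    if not pe["dll_characteristics"] & IMAGE_DLLCHARACTERISTICS_NX_COMPAT:
        findings.append("no DEP opt-in: IMAGE_DLLCHARACTERISTICS_NX_COMPAT not set")
    for s in pe["sections"]:
        # A writable section whose in-memory size dwarfs its on-disk size is zero-filled by the
        # loader: a large scratch region worth dumping at runtime. Thresholds are an assumption.
        if s["flags"] & IMAGE_SCN_MEM_WRITE and s["vsize"] >= 1 * MB and s["vsize"] > 16 * max(s["rsize"], 1):
            findings.append("%s: %d bytes on disk but %d bytes in memory (%.0fx), zero-filled by the loader"
                            % (s["name"], s["rsize"], s["vsize"], s["vsize"] / max(s["rsize"], 1)))
    return findings


# Constructed from the section table in this report; byte sizes approximate the rounded KB/MB figures.
REPORT_SECTIONS = [
    (".text", 67 * KB, 67 * KB, 0x60000020),          # CODE | MEM_EXECUTE | MEM_READ
    (".rdata", 361 * KB, 362 * KB, 0x40000040),       # INITIALIZED_DATA | MEM_READ
    (".data", int(73.8 * MB), 6 * KB, 0xC0000040),    # INITIALIZED_DATA | MEM_READ | MEM_WRITE
    (".rsrc", 91 * KB, 91 * KB, 0x40000040),
    (".reloc", 5 * KB, 5 * KB, 0x42000040),           # INITIALIZED_DATA | MEM_DISCARDABLE | MEM_READ
]
SAMPLE_PE = build_pe32_headers(REPORT_SECTIONS, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE)

if __name__ == "__main__":
    for line in triage(parse_pe(SAMPLE_PE)):
        print(line)
```

Running it against the constructed image yields four findings (unsigned, no ASLR opt-in, no DEP opt-in, and the .data size gap at roughly 12600x), matching what the report's table shows; a build with DYNAMIC_BASE | NX_COMPAT and a non-empty security directory yields none. To apply it to a real file, replace `SAMPLE_PE` with `open(path, "rb").read()`; the parser only touches headers, so it never maps section bodies.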