Static task
static1
Behavioral task
behavioral1
Sample
b6a1e416037083ba6110d833104329c42c15b39a65e19ebc7bfa8a8d84c9262e.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
b6a1e416037083ba6110d833104329c42c15b39a65e19ebc7bfa8a8d84c9262e.exe
Resource
win10v2004-20240508-en
General
-
Target
b6a1e416037083ba6110d833104329c42c15b39a65e19ebc7bfa8a8d84c9262e
-
Size
9.7MB
-
MD5
2a011c67f21bc6e0a578319ec6bf38bf
-
SHA1
977af26f1fea6d097ff0aa3eb55205cbc06db93e
-
SHA256
b6a1e416037083ba6110d833104329c42c15b39a65e19ebc7bfa8a8d84c9262e
-
SHA512
c2aff675888c53712ac07e4e347d3a46f34c764f59c039fb8aa75eab1456d62c42dd9126ff4ae1d3e396d421bbe1bd4fb32ec8f451f7ec258ad8ae23cee8b5a8
-
SSDEEP
196608:yTdeZZixnpdcTDvCgFiOytByYhiRdx+a1tZklZzqBi1ycDVtoyZKC1TmeFPXeHTc:yw4PtRh+ma1tMqBcDVl3jPXezc
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource b6a1e416037083ba6110d833104329c42c15b39a65e19ebc7bfa8a8d84c9262e
Files
-
b6a1e416037083ba6110d833104329c42c15b39a65e19ebc7bfa8a8d84c9262e.exe windows:5 windows x86 arch:x86
cc5ca4180cc91abb124508ee332a4474
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
WSACleanup
getaddrinfo
sendto
socket
setsockopt
ntohs
htons
accept
listen
ioctlsocket
recvfrom
gethostname
htonl
ntohl
freeaddrinfo
WSAStartup
WSAIoctl
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
recv
WSASetLastError
select
__WSAFDIsSet
WSAGetLastError
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
kernel32
GetSystemDirectoryW
GetWindowsDirectoryW
lstrcmpiW
ResetEvent
SetEvent
WaitForMultipleObjects
LoadLibraryW
CreateIoCompletionPort
PostQueuedCompletionStatus
GetQueuedCompletionStatus
TlsFree
TlsGetValue
TlsAlloc
TlsSetValue
GetModuleHandleExW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetNativeSystemInfo
GetVersionExW
CreateThread
RaiseException
IsDebuggerPresent
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
GetProcessId
GetCurrentThreadId
GetSystemInfo
GetSystemTimeAsFileTime
SystemTimeToTzSpecificLocalTime
GetModuleHandleW
GetThreadPriority
QueryPerformanceFrequency
GetCurrentThread
FileTimeToSystemTime
SetThreadPriority
FindClose
FindNextFileW
FindFirstFileExW
FindFirstFileW
FlushFileBuffers
SetFilePointerEx
SetEndOfFile
GetFileSizeEx
CreateEventW
GetModuleHandleA
ExpandEnvironmentStringsW
ResumeThread
CreatePipe
AssignProcessToJobObject
GetStdHandle
GetExitCodeProcess
OpenProcess
DuplicateHandle
WaitForSingleObject
QueryPerformanceCounter
GetDiskFreeSpaceExW
FormatMessageA
GetCurrentProcessId
GetModuleFileNameW
OutputDebugStringA
LocalFree
GetCommandLineW
WideCharToMultiByte
MultiByteToWideChar
CopyFileW
MoveFileExW
SetCurrentDirectoryW
GetCurrentDirectoryW
DeleteFileW
GetFileAttributesExW
SetFileAttributesW
GetFileAttributesW
CreateFileW
GetTempPathW
RemoveDirectoryW
LoadLibraryExA
SizeofResource
HeapFree
HeapSize
GetSystemDirectoryA
LockResource
HeapReAlloc
FindResourceExW
LoadResource
FindResourceW
HeapAlloc
DecodePointer
HeapDestroy
VerSetConditionMask
GetProcessHeap
VerifyVersionInfoW
GetSystemWow64DirectoryW
LoadLibraryA
IsBadReadPtr
GetLocalTime
GetModuleFileNameA
GetComputerNameExA
SetFilePointer
lstrcpynA
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
InitializeCriticalSection
SleepEx
WaitForSingleObjectEx
ExpandEnvironmentStringsA
GetFileType
PeekNamedPipe
HeapCreate
FlushInstructionCache
MulDiv
GetFullPathNameW
FreeResource
GetVersionExA
GlobalAlloc
GlobalLock
GlobalUnlock
DosDateTimeToFileTime
lstrcpyA
lstrcpyW
lstrlenA
TerminateThread
CreateMutexW
WriteConsoleW
SetThreadAffinityMask
DeviceIoControl
CreateFileA
GetComputerNameW
RtlUnwind
SetStdHandle
GetConsoleCP
GetConsoleMode
ExitThread
FreeLibraryAndExitThread
GetACP
GetDriveTypeW
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadConsoleW
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetEnvironmentVariableW
WriteFile
GetCurrentProcess
GetVolumeInformationW
ReadFile
CreateDirectoryW
ExitProcess
CloseHandle
Sleep
CreateMutexA
TerminateProcess
GetTickCount
LoadLibraryExW
GetProcAddress
FreeLibrary
InitializeCriticalSectionAndSpinCount
SetLastError
GetLastError
OutputDebugStringW
user32
CreatePopupMenu
DestroyMenu
GetMenuItemCount
AppendMenuW
TrackPopupMenu
GetMenuInfo
SetMenuInfo
GetMenuItemInfoW
SetForegroundWindow
SetMenuContextHelpId
FillRect
InvertRect
DrawIconEx
OemToCharBuffW
CreateIconIndirect
CharUpperA
WindowFromPoint
TrackMouseEvent
PtInRect
EqualRect
IsRectEmpty
UnionRect
IntersectRect
InflateRect
CopyRect
SetRect
SetCursor
GetKeyState
GetFocus
SetFocus
IsWindowEnabled
DestroyCursor
GetMonitorInfoW
MonitorFromWindow
LoadCursorW
GetWindow
GetParent
MapWindowPoints
GetWindowRect
GetClientRect
GetDlgItem
CallWindowProcW
MessageBoxA
GetWindowThreadProcessId
IsMenu
CharLowerBuffW
SystemParametersInfoW
SetWindowLongW
SystemParametersInfoA
DrawTextW
IsWindowVisible
ShowWindow
SetWindowPos
DestroyWindow
GetSystemMetrics
GetMessageW
LoadImageW
CreateIconFromResource
LoadBitmapW
GetSysColor
ClientToScreen
EnableMenuItem
GetIconInfo
PostMessageW
GetWindowLongW
wsprintfW
SendMessageW
MessageBoxW
GetActiveWindow
PostQuitMessage
KillTimer
SetLayeredWindowAttributes
TranslateMessage
GetQueueStatus
CallMsgFilterW
MsgWaitForMultipleObjectsEx
PeekMessageW
CharNextW
OffsetRect
DestroyIcon
GetClassNameW
ScreenToClient
SetCaretPos
HideCaret
GetCaretBlinkTime
CreateCaret
GetCursorPos
SetWindowTextW
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
UpdateWindow
ReleaseCapture
SetCapture
GetCapture
IsZoomed
SetTimer
DispatchMessageW
RegisterClassExW
WaitMessage
UnregisterClassW
IsIconic
IsWindow
CreateWindowExW
DefWindowProcW
advapi32
ChangeServiceConfigW
EnumServicesStatusW
ConvertSidToStringSidA
LookupAccountNameW
RegOpenCurrentUser
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptEncrypt
CryptImportKey
CreateProcessAsUserW
RegQueryInfoKeyW
SystemFunction036
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
CreateServiceW
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
ChangeServiceConfig2W
DeleteService
ControlService
StartServiceW
QueryServiceConfigW
QueryServiceConfig2W
OpenServiceW
GetAclInformation
GetAce
EqualSid
SetNamedSecurityInfoW
CopySid
GetNamedSecurityInfoW
IsValidSid
AddAce
InitializeAcl
GetLengthSid
OpenThreadToken
GetUserNameA
GetUserNameW
AllocateAndInitializeSid
OpenProcessToken
FreeSid
CheckTokenMembership
GetTokenInformation
ole32
CoTaskMemAlloc
StringFromGUID2
PropVariantClear
CoInitializeSecurity
CoSetProxyBlanket
CoCreateGuid
StringFromCLSID
CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemFree
CoInitializeEx
CoUninitialize
shlwapi
ord176
StrIsIntlEqualW
PathRemoveFileSpecW
PathFileExistsW
StrCmpIW
PathAppendW
StrToIntExW
userenv
UnloadUserProfile
CreateEnvironmentBlock
DestroyEnvironmentBlock
winmm
timeBeginPeriod
timeGetTime
timeEndPeriod
imm32
ImmAssociateContext
ImmReleaseContext
ImmGetContext
msimg32
GradientFill
AlphaBlend
gdiplus
GdipGetImageEncoders
GdipBitmapUnlockBits
GdipDrawImageRectI
GdipGraphicsClear
GdipDeleteGraphics
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipSaveImageToFile
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipCreateBitmapFromStream
GdipGetImageEncodersSize
iphlpapi
GetAdaptersInfo
gdi32
RoundRect
RestoreDC
RectInRegion
PtInRegion
Pie
OffsetRgn
IntersectClipRect
GetTextExtentPoint32W
GetTextColor
GetRgnBox
GetClipRgn
ExcludeClipRect
BitBlt
Ellipse
CreateRectRgnIndirect
CreateRectRgn
CreatePatternBrush
CreatePen
CreateEllipticRgnIndirect
CombineRgn
Arc
SaveDC
GetCurrentObject
SetViewportOrgEx
CreateCompatibleBitmap
StretchBlt
GetObjectW
SetBkMode
Rectangle
GetStockObject
GetClipBox
CreateSolidBrush
CreateFontIndirectW
SelectObject
DeleteDC
CreateCompatibleDC
CreateBitmap
EnumFontsW
SetGraphicsMode
GetDeviceCaps
CreateRoundRectRgn
DeleteObject
ExtSelectClipRgn
SetRectRgn
SetROP2
SetTextColor
GetWorldTransform
SetWorldTransform
CreateDIBSection
ExtCreatePen
Polyline
CreateDIBitmap
CreateDCW
StretchDIBits
GetViewportOrgEx
oleaut32
SysFreeString
SysAllocString
VariantClear
crypt32
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringW
CertAddCertificateContextToStore
CryptStringToBinaryW
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFreeCertificateChain
wininet
InternetConnectW
HttpSendRequestA
InternetOpenA
InternetCheckConnectionW
InternetCrackUrlW
HttpOpenRequestW
InternetCloseHandle
InternetReadFile
HttpQueryInfoW
Sections
.text Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 282KB - Virtual size: 281KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.7MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 2B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 383KB - Virtual size: 383KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.ress Size: 8.3MB - Virtual size: 8.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE