Static task
static1
Behavioral task
behavioral1
Sample
d8f0a37788e14306d6f5a6b15417aec0c76d08fd9c788871ad50a9ac7cd6c73f.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
d8f0a37788e14306d6f5a6b15417aec0c76d08fd9c788871ad50a9ac7cd6c73f.exe
Resource
win10v2004-20240508-en
General
-
Target
2a9bf696f1af170e0e1b5ede752a1578.bin
-
Size
4.0MB
-
MD5
79d5845cc0ea5ae27873d91f226e7aed
-
SHA1
fd7d062283f5f1624319055d4b10b279093ed3ed
-
SHA256
65351e13cea23ec8e910fe0f7a10c286033e330eeec1c09c77242f3f4e1518d0
-
SHA512
b6e5343bd98b2abd64bbbe3b869fb5c6cd61ac4f3218aca205eed2effaf69b339f5e52950e5003456a7553d015a41fb067480d61266841907335a6c504fcb654
-
SSDEEP
98304:S6eooZdi1WwSVcTNK0+46ElgJ9jLIwuJO5gfW7pr:STZdi1WwSVdjJtLIwaO5gfWh
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/d8f0a37788e14306d6f5a6b15417aec0c76d08fd9c788871ad50a9ac7cd6c73f.exe
Files
-
2a9bf696f1af170e0e1b5ede752a1578.bin.zip
Password: infected
-
d8f0a37788e14306d6f5a6b15417aec0c76d08fd9c788871ad50a9ac7cd6c73f.exe.exe windows:4 windows x64 arch:x64
e4a8172b80d7ea86eeba3123e2be5bfe
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
VirtualFree
VirtualAlloc
ExitProcess
GetProcAddress
LoadLibraryExA
GetModuleHandleA
VirtualProtect
GetModuleFileNameA
FreeLibrary
GetLastError
CreateMutexA
LoadLibraryA
user32
MessageBoxA
wsprintfA
Sections
.data Size: - Virtual size: 12.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4.0MB - Virtual size: 4.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ex_cod Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 104KB - Virtual size: 104KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ