Static task
static1
Behavioral task
behavioral1
Sample
ad151a7ff1d02e3ff5043b3cc7c85d3e1d7961d012ec0950233f52601e76ff09.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
ad151a7ff1d02e3ff5043b3cc7c85d3e1d7961d012ec0950233f52601e76ff09.exe
Resource
win10v2004-20240709-en
General
-
Target
ad151a7ff1d02e3ff5043b3cc7c85d3e1d7961d012ec0950233f52601e76ff09.exe
-
Size
1.2MB
-
MD5
293bdbec6a256c88eb2cfb4e46e892ae
-
SHA1
885234edc7a3347b49c209569555d9c1083f4f27
-
SHA256
ad151a7ff1d02e3ff5043b3cc7c85d3e1d7961d012ec0950233f52601e76ff09
-
SHA512
f0f67ac6be3bb36babd82a53df0b589135a18185b0f18e0ae6d505769046f94bb378bc19da494dc537e6ce1b67997c3c4ddad10a7dddf2cf7fabf769c3d70dd5
-
SSDEEP
24576:5xIRF9sB8mDluB5N+RcZN69tJq/nTVJdFoa+Se/Z1K+BV4Ztnrm2FsiIRsyHtUoz:5HINUCe5CnrFyNPaugiAUXWeySlD
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ad151a7ff1d02e3ff5043b3cc7c85d3e1d7961d012ec0950233f52601e76ff09.exe
Files
-
ad151a7ff1d02e3ff5043b3cc7c85d3e1d7961d012ec0950233f52601e76ff09.exe.exe windows:6 windows x86 arch:x86
106cbfdf6ab2fd719fc4ae78e1cb0910
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
ntdll
NtWriteFile
NtQueryInformationProcess
RtlUnwind
RtlNtStatusToDosError
RtlGetVersion
NtQuerySystemInformation
RtlCaptureContext
kernel32
HeapAlloc
ReadProcessMemory
SetUnhandledExceptionFilter
TlsGetValue
TlsSetValue
CreateFileW
OpenProcess
HeapFree
CloseHandle
InitializeSListHead
GetCurrentThreadId
LocalFree
VirtualProtect
WriteProcessMemory
VirtualProtectEx
GetCurrentProcess
GetProcAddress
SleepConditionVariableSRW
TryAcquireSRWLockExclusive
IsDebuggerPresent
CheckRemoteDebuggerPresent
LoadLibraryA
GetProcessHeap
IsProcessorFeaturePresent
GetProcessIoCounters
GetLastError
WaitForSingleObject
UnhandledExceptionFilter
GetSystemTimes
FreeLibrary
EncodePointer
FormatMessageW
VirtualAlloc
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
ReleaseMutex
FindClose
ReleaseSRWLockShared
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
Sleep
QueryPerformanceCounter
GetCurrentThread
SetLastError
GetCurrentDirectoryW
GetEnvironmentVariableW
GetComputerNameExW
GetProcessTimes
K32GetPerformanceInfo
GlobalMemoryStatusEx
VirtualQueryEx
RaiseException
GetSystemInfo
ReleaseSRWLockExclusive
GetStdHandle
AcquireSRWLockExclusive
TerminateProcess
WakeAllConditionVariable
WakeConditionVariable
HeapReAlloc
AcquireSRWLockShared
WaitForSingleObjectEx
CreateMutexA
GetModuleHandleA
GetFileInformationByHandle
GetFileInformationByHandleEx
FindFirstFileW
GetConsoleMode
LoadLibraryExA
GetModuleHandleW
ExitProcess
GetFullPathNameW
MultiByteToWideChar
WriteConsoleW
CreateThread
InitOnceBeginInitialize
TlsAlloc
InitOnceComplete
TlsFree
GetSystemTimeAsFileTime
GetCurrentProcessId
advapi32
OpenProcessToken
RegOpenKeyExW
GetTokenInformation
RegQueryValueExW
SystemFunction036
AddAccessAllowedAce
SetSecurityInfo
InitializeAcl
IsValidSid
CopySid
GetLengthSid
RegCloseKey
pdh
PdhCollectQueryData
PdhAddEnglishCounterW
PdhGetFormattedCounterValue
PdhRemoveCounter
PdhCloseQuery
PdhOpenQueryA
powrprof
CallNtPowerInformation
oleaut32
SysFreeString
GetErrorInfo
SysStringLen
psapi
GetProcessMemoryInfo
GetModuleFileNameExW
shell32
CommandLineToArgvW
bcrypt
BCryptGenRandom
api-ms-win-crt-heap-l1-1-0
malloc
calloc
_set_new_mode
free
api-ms-win-crt-string-l1-1-0
strcpy_s
wcsncmp
wcslen
api-ms-win-crt-runtime-l1-1-0
_configure_narrow_argv
__p___argv
_cexit
_c_exit
__p___argc
_initialize_narrow_environment
_register_thread_local_exe_atexit_callback
abort
_set_app_type
_exit
_initterm_e
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_controlfp_s
terminate
_get_initial_narrow_environment
_initterm
exit
_seh_filter_exe
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-stdio-l1-1-0
_set_fmode
__p__commode
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 244KB - Virtual size: 244KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 992KB - Virtual size: 991KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ