Static task: static1
Behavioral task: behavioral1
  Sample: 2a60496f886e56a62e6b5ae656e9959a41c5fcde8ba86ab67d461f3215468be2.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 2a60496f886e56a62e6b5ae656e9959a41c5fcde8ba86ab67d461f3215468be2.exe
  Resource: win10v2004-20240709-en
General
Target: 2a60496f886e56a62e6b5ae656e9959a41c5fcde8ba86ab67d461f3215468be2
Size: 907KB
MD5: 51c1b08a5db989c368f7ce42f2caf6f7
SHA1: 6f0de4376449f9e3ca1a921012e02f2af7e4b40e
SHA256: 2a60496f886e56a62e6b5ae656e9959a41c5fcde8ba86ab67d461f3215468be2
SHA512: e51e148256f10f993095be63b12ce7518e25e21d83f9c4238ed4b8cadef9c3155cb5655452ad8941e5bb9a07ea9338c0bcbd031d9792361158513075cec7651f
SSDEEP: 12288:r8yI3gXpB9zQkOpFdcOaAaIiF/rmF7H7CVYlOF7b/iyydPwlx3bA:rpI3gXpB9nOpM+ajRa97CjF7bKywPyFk
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 2a60496f886e56a62e6b5ae656e9959a41c5fcde8ba86ab67d461f3215468be2
Files
2a60496f886e56a62e6b5ae656e9959a41c5fcde8ba86ab67d461f3215468be2.exe windows:5 windows x86 arch:x86
965b42b175ceb9f42820432638a33620
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetCurrentProcess
CreateProcessW
CreateFileW
SetFilePointer
WriteFile
GetTempPathW
GetFileAttributesW
GetModuleFileNameW
GetCurrentDirectoryW
FindResourceW
LoadResource
LockResource
SizeofResource
LocalFree
VerifyVersionInfoW
VerSetConditionMask
FreeLibrary
SetErrorMode
FormatMessageW
WriteConsoleW
FlushConsoleInputBuffer
WaitForSingleObject
PeekConsoleInputW
ReadConsoleInputW
GetStdHandle
GetConsoleMode
QueryPerformanceFrequency
QueryPerformanceCounter
GetCurrentThreadId
CreateThread
InitializeCriticalSectionAndSpinCount
TerminateProcess
DecodePointer
DeleteCriticalSection
GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapSize
GetProcessHeap
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFileType
GetModuleHandleExW
ExitProcess
HeapFree
HeapReAlloc
HeapAlloc
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
CloseHandle
SetSearchPathMode
SetDllDirectoryW
GetSystemDirectoryW
LoadLibraryW
LoadLibraryExW
GetProcAddress
GetModuleHandleW
CompareStringW
GetLastError
InterlockedIncrement
RaiseException
InterlockedDecrement
GetCommandLineW
GetCommandLineA
RtlUnwind
InitializeSListHead
GetCurrentProcessId
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
OutputDebugStringW
IsDebuggerPresent
GetCPInfo
GetLocaleInfoW
LCMapStringW
LeaveCriticalSection
EnterCriticalSection
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
Sleep
SetLastError
EncodePointer
GetStringTypeW
WideCharToMultiByte
MultiByteToWideChar
user32
MonitorFromPoint
GetMonitorInfoW
GetProcessWindowStation
GetSystemMetrics
PostThreadMessageW
MessageBoxW
TranslateMessage
DispatchMessageW
SetTimer
LoadCursorW
GetUserObjectInformationW
GetCursorInfo
GetMessageW
LoadIconW
DestroyWindow
GetGUIThreadInfo
KillTimer
DefWindowProcW
GetWindowLongW
SetWindowLongW
GetAncestor
IsWindowVisible
EnumThreadWindows
SetWindowPos
UpdateLayeredWindow
CreateWindowExW
RegisterClassExW
IsWindow
gdi32
CreateCompatibleDC
DeleteObject
CreateDIBSection
DeleteDC
GetDeviceCaps
CreateDCW
SelectObject
advapi32
RegQueryValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
shell32
ShellExecuteW
ole32
CoInitializeEx
CoCreateInstance
oleaut32
SysAllocString
SysFreeString
SysAllocStringByteLen
SysStringLen
VariantChangeType
VariantClear
VariantInit
SysStringByteLen
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopyInd
CreateErrorInfo
GetErrorInfo
SafeArrayRedim
SafeArrayUnlock
SafeArrayCopy
SafeArrayLock
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetVartype
SetErrorInfo
gdiplus
GdipCloneBrush
GdipCreateSolidFill
GdipCreateHatchBrush
GdipCreateFromHDC
GdipAlloc
GdiplusShutdown
GdipDeleteBrush
GdipFillRectangleI
GdipDeleteGraphics
GdipFree
GdiplusStartup
Sections
.text Size: 206KB - Virtual size: 206KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 94KB - Virtual size: 93KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 526KB - Virtual size: 526KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
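The Signatures entry above records only that the PE carries no embedded Authenticode signature, and the Headers and Sections blocks are decoded header flags. The following Python script, added here as an illustration and not part of the sandbox report, reproduces those checks with the standard library alone: it decodes the COFF characteristics, DllCharacteristics and section flags, and treats the file as unsigned when data directory 4 (IMAGE_DIRECTORY_ENTRY_SECURITY) is empty. Because the real sample is not available offline, build_test_pe() constructs a header-only PE32 image whose flag values and section sizes mirror the listing above; the function names and the synthetic image are my own. Two caveats when reading the result: the security directory entry holds a file offset rather than an RVA, and an empty entry only means no embedded signature, since a binary can still be signed through a catalog (.cat) file, so "Unsigned PE" on its own is a weak indicator. Note also that IMAGE_FILE_RELOCS_STRIPPED without IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE means the loader cannot rebase this image, so ASLR does not apply to it even though NX_COMPAT is set.

```python
import struct

# Flag tables (subsets of winnt.h) used to decode the values the report prints.
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
DLL_CHARACTERISTICS = {
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # Authenticode certificate table


def flag_names(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Decode COFF/optional-header flags, the security directory and section headers."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32
        ndirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:      # PE32+
        ndirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]  # same offset in PE32 and PE32+
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    sec_off = sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Unlike every other directory, this entry holds a file offset, not an RVA.
        sec_off, sec_size = struct.unpack_from("<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    table = opt + opt_size
    for i in range(nsections):
        name, vsize, _vaddr, rawsize, _rawptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        scn_flags = struct.unpack_from("<I", data, table + 40 * i + 36)[0]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "raw_size": rawsize,
            "virtual_size": vsize,
            "flags": flag_names(scn_flags, SECTION_FLAGS),
        })
    return {
        "machine": "x86" if machine == 0x14C else "x64" if machine == 0x8664 else hex(machine),
        "file_characteristics": flag_names(chars, FILE_CHARACTERISTICS),
        "dll_characteristics": flag_names(dll_chars, DLL_CHARACTERISTICS),
        "authenticode_signed": sec_off != 0 and sec_size != 0,
        "sections": sections,
    }


def build_test_pe(signed):
    """Constructed header-only PE32 image mirroring the report's flags (not the real sample)."""
    sections = [  # name, virtual size, raw size, characteristics (sizes match the listing above)
        (b".text", 0x33800, 0x33800, 0x60000020),
        (b".rdata", 0x17400, 0x17800, 0x40000040),
        (b".data", 0x2400, 0x1400, 0xC0000040),
        (b".rsrc", 0x83800, 0x83800, 0x40000040),
    ]
    dirs = [(0, 0)] * 16
    if signed:
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (0x1000, 0x800)  # pretend a WIN_CERTIFICATE follows
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6,
                      0x10B, 14, 0,                       # PE32 magic, linker version
                      0, 0, 0,                            # sizes of code / initialized / uninitialized data
                      0x1000, 0x1000, 0x2000, 0x400000,   # entry point, BaseOfCode, BaseOfData, ImageBase
                      0x1000, 0x200,                      # section / file alignment
                      5, 1, 0, 0, 5, 1,                   # OS, image and subsystem versions
                      0, 0x1000, 0x400, 0,                # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
                      3, 0x8100,                          # console subsystem; NX_COMPAT | TERMINAL_SERVER_AWARE
                      0x100000, 0x1000, 0x100000, 0x1000, 0, len(dirs))
    opt += b"".join(struct.pack("<II", rva, size) for rva, size in dirs)
    # 0x0123 = RELOCS_STRIPPED | EXECUTABLE_IMAGE | LARGE_ADDRESS_AWARE | 32BIT_MACHINE
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x0123)
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, 0x1000 * (i + 1), rs, 0x400, 0, 0, 0, 0, f)
                    for i, (n, vs, rs, f) in enumerate(sections))
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    return dos + b"PE\0\0" + coff + opt + hdrs


if __name__ == "__main__":
    import json
    print(json.dumps(parse_pe(build_test_pe(signed=False)), indent=2))
```

Run it directly to print the decoded header as JSON; to inspect a real file, pass open(path, "rb").read() to parse_pe() instead of the constructed image.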