Static task
static1
Behavioral task
behavioral1
Sample
540e2a39cdb76f601f929477a7813490N.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
540e2a39cdb76f601f929477a7813490N.exe
Resource
win10v2004-20240709-en
General
Target
540e2a39cdb76f601f929477a7813490N.exe
Size
600KB
MD5
540e2a39cdb76f601f929477a7813490
SHA1
312b92161aff176870866ba4a13a50da09600b7e
SHA256
178b430d0ceacf8c418764aaa894e3472129ea30c8032cacb8bd18371fff8a0c
SHA512
7615bcf0c55a3866a6ee5a1d495af583976928bc10d0e42afd79247739f3175ff369800113ff2bd2facc5027bda564e99bade58c983777591c9276171d87d2d3
SSDEEP
12288:l3Ylz/XlsxJUS2GN2m0JfNuwAJ1SvDG5rDC:lI5lgu1BLswAJ1WDG5rm
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 540e2a39cdb76f601f929477a7813490N.exe
Files
540e2a39cdb76f601f929477a7813490N.exe.exe windows:4 windows x86 arch:x86
c825d892ec1994311831ac7bb64ddf1c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
WSAStartup
WSAGetLastError
recv
socket
connect
send
closesocket
kernel32
Sleep
LoadLibraryA
GetProcAddress
TerminateThread
lstrlenA
MultiByteToWideChar
ExitProcess
oleaut32
SysAllocStringLen
SysFreeString
Sections
.text Size: 64KB - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE