Static task
static1
Behavioral task
behavioral1
Sample
Defender detected 'VirTool:Win32/CeeInject.GF!bit' in file '9bb77c4d-347e-ee27-033e-ed357f543b17.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
Defender detected 'VirTool:Win32/CeeInject.GF!bit' in file '9bb77c4d-347e-ee27-033e-ed357f543b17.exe
Resource
win10v2004-20240709-en
General
-
Target
MDE_File_Sample_e6720f3976fde93f1d8fe8694ecbfd1176aa8eea.zip
-
Size
202KB
-
MD5
3d7b4f285163630acea9d456eeb82155
-
SHA1
ef793fcee7b593cd4ddad9ffcf2a4d09f6115509
-
SHA256
a3ae3c48dc5d80d4f216f5e19cbddece880d1f31d52a6e28180dd30ba788b44e
-
SHA512
c261beb0b74d4d44378fceeee49ed43936d68ed5437fdfb3be39ffedf09c378d63d683342f9c78d53a7a08ee0098538a9b01e7f7c1f2fdca23d7f1b5bac1973a
-
SSDEEP
6144:MY7jRv0yDwu48pO0KqWkNakHOqY+TWAHBtw1p6DRZ+gI:X7jpZcu4C52ks3F+TWAHTwC+gI
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/Defender detected 'VirTool:Win32/CeeInject.GF!bit' in file '9bb77c4d-347e-ee27-033e-ed357f543b17.exe', during attempted open by 'cmd.exe'
Files
-
MDE_File_Sample_e6720f3976fde93f1d8fe8694ecbfd1176aa8eea.zip.zip
Password: infected
-
Defender detected 'VirTool:Win32/CeeInject.GF!bit' in file '9bb77c4d-347e-ee27-033e-ed357f543b17.exe', during attempted open by 'cmd.exe'.exe windows:5 windows x86 arch:x86
Password: infected
b31494263d632c233f51d844149c9b2a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
comdlg32
GetFileTitleA
shell32
ShellExecuteW
Shell_NotifyIconW
comctl32
PropertySheetA
ImageList_GetImageInfo
ImageList_Draw
ImageList_GetIcon
DestroyPropertySheetPage
ImageList_AddMasked
CreatePropertySheetPageA
winspool.drv
EnumPrintersW
ord203
OpenPrinterW
EnumPrinterDriversA
ClosePrinter
DocumentPropertiesW
kernel32
WriteConsoleW
FlushFileBuffers
InitializeCriticalSection
ReadFile
GetModuleHandleA
SetEndOfFile
SetFileTime
CompareStringW
CompareStringA
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
GetConsoleCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
DeleteCriticalSection
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
ExitProcess
GetProcAddress
Sleep
GetModuleHandleW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
GetCommandLineA
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetOEMCP
IsValidCodePage
LCMapStringW
LoadLibraryA
InitializeCriticalSectionAndSpinCount
VirtualAlloc
RtlUnwind
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
MoveFileExW
SetFilePointer
CreateFileA
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
LockResource
CreateFileW
SizeofResource
FindResourceExA
WriteFile
LoadResource
CreateDirectoryW
GetTempFileNameW
LocalFree
DeleteFileW
GetUserDefaultUILanguage
GetLastError
GetTempPathW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
RaiseException
GetVersionExA
HeapDestroy
InterlockedIncrement
InterlockedDecrement
GetTimeZoneInformation
Sections
.text Size: 73KB - Virtual size: 73KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 203KB - Virtual size: 314KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ