Static task: static1
Behavioral task: behavioral1
Sample: 0d153a15722bd4c5c08dbbce4428c900N.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 0d153a15722bd4c5c08dbbce4428c900N.exe
Resource: win10v2004-20240802-en
General
Target: 0d153a15722bd4c5c08dbbce4428c900N.exe
Size: 6.4MB
MD5: 0d153a15722bd4c5c08dbbce4428c900
SHA1: 4c7fa2c531f818e449b1fba8d3b7b88ebc90bb12
SHA256: 9a77e759c15af3b5bc60f0e7f9a2dfee616be018d236823fa91857d6de00f93e
SHA512: c0ec6183e4d67b21e76becbc183b214254680b8a295dea63ca81b642008b26854fa2a43e6fe314077b6dce06f909959473d6df33f5267ff9c129af5d4419f355
SSDEEP: 196608:PjLN2rZUu6WFNsabyFpOGzirona/GS8bF6VTUWtvzjXqw+vtEzmPUtGqwYMno0ig:bLElyHaQ23tvyvtEzmPUC
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0d153a15722bd4c5c08dbbce4428c900N.exe
Files
0d153a15722bd4c5c08dbbce4428c900N.exe.exe windows:6 windows x86 arch:x86
d6c7ee93d956e7dfdf31b65951fb3071
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
TlsSetValue
IsValidCodePage
FreeEnvironmentStringsW
RaiseException
SetStdHandle
GetCommandLineA
FreeLibrary
GetModuleHandleExW
DeleteCriticalSection
FreeLibraryAndExitThread
PeekNamedPipe
HeapReAlloc
DeleteFileW
QueryPerformanceCounter
GetModuleHandleA
FileTimeToSystemTime
GetTimeZoneInformation
HeapAlloc
GetModuleFileNameW
GetCPInfo
GetDriveTypeW
GetFileAttributesExW
GetCurrentProcess
FindNextFileW
LeaveCriticalSection
GetTickCount
ReadConsoleW
CreateFileA
EncodePointer
GetModuleHandleW
FlushFileBuffers
WideCharToMultiByte
LoadLibraryA
GetEnvironmentVariableA
GetStdHandle
DecodePointer
ExitProcess
GetCurrentDirectoryW
ExitThread
HeapFree
MoveFileExA
GetConsoleOutputCP
InitializeCriticalSection
GetFileType
WaitForMultipleObjects
SystemTimeToTzSpecificLocalTime
SleepEx
GetCurrentProcessId
CreateThread
TlsFree
GetCurrentThreadId
SetFilePointerEx
WriteConsoleW
UnhandledExceptionFilter
GetProcAddress
QueryPerformanceFrequency
SetEndOfFile
FormatMessageA
InitializeCriticalSectionAndSpinCount
CreateFileW
CompareStringW
SetLastError
FindFirstFileExW
GetFileInformationByHandle
InitializeSListHead
TlsGetValue
MultiByteToWideChar
HeapSize
GetOEMCP
GetFileSize
CloseHandle
GetSystemTimeAsFileTime
GetEnvironmentStringsW
GetSystemDirectoryA
LoadLibraryExW
EnterCriticalSection
WriteFile
GetStartupInfoW
GetFullPathNameW
Sleep
FindClose
WaitForSingleObject
RtlUnwind
SetUnhandledExceptionFilter
GetCommandLineW
TerminateProcess
LCMapStringW
GetProcessHeap
SetEnvironmentVariableW
MoveFileExW
ReadFile
GetConsoleMode
GetVersionExA
GetStringTypeW
GetLastError
GetFileSizeEx
TlsAlloc
GetACP
IsProcessorFeaturePresent
IsDebuggerPresent
user32
RegisterClassExW
CreateWindowExW
FillRect
SetWindowPos
MessageBoxW
ShowWindow
TranslateMessage
PostMessageW
BeginPaint
GetWindowRect
RedrawWindow
GetMessageW
EndPaint
LoadIconW
GetClientRect
DefWindowProcW
DispatchMessageW
PostQuitMessage
DrawTextW
GetSystemMetrics
UpdateWindow
gdi32
DeleteObject
CreateSolidBrush
SetTextColor
SetBkMode
advapi32
CryptDestroyHash
RegEnumKeyExA
CryptCreateHash
CryptEncrypt
CryptReleaseContext
CryptAcquireContextA
CryptHashData
CryptDestroyKey
CryptImportKey
CryptGetHashParam
CryptGenRandom
crypt32
PFXImportCertStore
CryptDecodeObjectEx
CertCloseStore
CertOpenStore
CertFindExtension
CertEnumCertificatesInStore
CertFindCertificateInStore
CryptStringToBinaryA
CertFreeCertificateContext
CertCreateCertificateChainEngine
CertAddCertificateContextToStore
CryptQueryObject
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertGetCertificateChain
wldap32
ord46
ord41
ord27
ord301
ord33
ord79
ord35
ord32
ord200
ord30
ord26
ord45
ord60
ord22
ord211
ord50
ord143
ord217
ws2_32
closesocket
send
WSAGetLastError
WSACleanup
WSAStartup
recv
ntohs
getsockname
getpeername
WSASetLastError
getsockopt
setsockopt
connect
WSAIoctl
bind
htons
socket
inet_ntoa
htonl
gethostbyname
inet_addr
getservbyname
gethostbyaddr
getservbyport
accept
listen
sendto
recvfrom
select
__WSAFDIsSet
gethostname
ntohl
ioctlsocket
Sections
.text Size: 5.8MB - Virtual size: 5.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 136KB - Virtual size: 135KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 44KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 74KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ