Static task
static1
Behavioral task
behavioral1
Sample
2ab3fba51f0e53813e66152f9d462d5e1978c90ddb278152e899d447a2f15128.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
2ab3fba51f0e53813e66152f9d462d5e1978c90ddb278152e899d447a2f15128.exe
Resource
win10v2004-20240802-en
General
Target: 2ab3fba51f0e53813e66152f9d462d5e1978c90ddb278152e899d447a2f15128
Size: 1.6MB
MD5: 6c88eea1ddfc7708f6326f804c579fa4
SHA1: 784b67becfcdb4d49cc7c403754cd5cd47fcacbd
SHA256: 2ab3fba51f0e53813e66152f9d462d5e1978c90ddb278152e899d447a2f15128
SHA512: b0b52b10419cfbd350b09f4cab663de945cae5784518c31996218404ae8d62e00b863a3f33a5f83466ec4e00b78793a731f8ad91a749c390ebf6df3eb94f3b68
SSDEEP: 24576:bgRL+Qkvs9rztVZ8NAr5jWIM4B2sHsarWybG+lzyASmO6UYqNHYnmD7/g:bgRinsRx8NS9FVHdrWybJXSmxUPHQW
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2ab3fba51f0e53813e66152f9d462d5e1978c90ddb278152e899d447a2f15128
Files
2ab3fba51f0e53813e66152f9d462d5e1978c90ddb278152e899d447a2f15128.exe windows:6 windows x64 arch:x64
3209c8920d339158478026fac970a08c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
ReadFile
FindFirstFileW
EnterCriticalSection
WriteFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
SetEndOfFile
FindClose
WaitForSingleObject
CreateFileW
DeleteFileW
CloseHandle
LCMapStringW
CreateProcessW
lstrcmpW
SystemTimeToFileTime
FindNextFileW
RemoveDirectoryW
SetFileTime
UnmapViewOfFile
GetStartupInfoW
SetFileAttributesW
MoveFileExW
LocalFileTimeToFileTime
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableW
HeapSize
LoadResource
GetOEMCP
GetACP
IsValidCodePage
SetStdHandle
FlushFileBuffers
HeapReAlloc
GetFileSizeEx
GetConsoleOutputCP
EnumSystemLocalesW
IsValidLocale
GetLocaleInfoW
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapAlloc
CreateDirectoryW
GetUserDefaultLCID
GetEnvironmentStringsW
WideCharToMultiByte
GetModuleHandleW
LocalFree
GetCurrentDirectoryW
LockResource
MultiByteToWideChar
FreeEnvironmentStringsW
GetFileAttributesW
GetModuleFileNameW
GetCommandLineW
SizeofResource
DeleteCriticalSection
ReadConsoleW
GetConsoleMode
RtlUnwind
SetFilePointerEx
HeapFree
GetCommandLineA
GetStdHandle
GetModuleHandleExW
ExitProcess
GetFileType
FindFirstFileExW
GetFileAttributesExW
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RaiseException
OutputDebugStringW
IsDebuggerPresent
GetCPInfo
LCMapStringEx
EncodePointer
GetStringTypeW
FindResourceW
DecodePointer
GetLastError
GetExitCodeProcess
InitializeCriticalSectionEx
user32
SendMessageW
wsprintfW
oleaut32
VariantInit
VariantCopy
VariantClear
shlwapi
PathIsDirectoryW
Sections
.text Size: 310KB - Virtual size: 309KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 99KB - Virtual size: 99KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ