Static task
static1
Behavioral task
behavioral1
Sample
6988f6c0b003e12ab1dee5f3503adf0c111602ccab9b51333e3afc53f2812568.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
6988f6c0b003e12ab1dee5f3503adf0c111602ccab9b51333e3afc53f2812568.exe
Resource
win10v2004-20240802-en
General
-
Target
6988f6c0b003e12ab1dee5f3503adf0c111602ccab9b51333e3afc53f2812568
-
Size
10.6MB
-
MD5
5e3f3cbf150f9a45dc03b40dcb920345
-
SHA1
6c4dbc23da2576ed3d2ec2722d809019fee40973
-
SHA256
6988f6c0b003e12ab1dee5f3503adf0c111602ccab9b51333e3afc53f2812568
-
SHA512
953134e254c0919c7a9966bc8cee7c7c66037d50b3d0f779bf61d2cd5610f6026886bcf2d197bc2ae77caa5373d4fce321800256dc740abeb9de9b117791d11f
-
SSDEEP
196608:Ovff45LqOBJY9QCe+fh9T/BRsKrnrSXZubePw/nnfKQ0wMv9QV1hY/8la1X23uOB:DLbJYQ+fh93JrreZuLn2nC+ElaZ2+wZ3
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 6988f6c0b003e12ab1dee5f3503adf0c111602ccab9b51333e3afc53f2812568
Files
-
6988f6c0b003e12ab1dee5f3503adf0c111602ccab9b51333e3afc53f2812568.exe windows:5 windows x86 arch:x86
27b8cdf0f42f24d4f3317a420e5a6c22
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
iphlpapi
GetAdaptersInfo
winmm
PlaySoundA
ws2_32
closesocket
msvfw32
DrawDibDraw
avifil32
AVIStreamInfoA
kernel32
GetVersion
GetVersionExA
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
RegisterClassA
CharUpperBuffW
gdi32
GetViewportExtEx
msimg32
GradientFill
winspool.drv
OpenPrinterA
comdlg32
GetFileTitleA
advapi32
RegQueryValueA
shell32
SHGetSpecialFolderPathA
ole32
CoRevokeClassObject
oleaut32
SysStringLen
comctl32
ImageList_Duplicate
oledlg
ord8
Exports
Sections
.text Size: - Virtual size: 2.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 4.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 566KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.l8~ Size: - Virtual size: 6.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.3Vu Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
..\\ Size: 10.4MB - Virtual size: 10.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 188KB - Virtual size: 187KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ