C:\siwacumuniy.pdb
Static task
static1
Behavioral task
behavioral1
Sample
f4debee839654168bc951377f49cb7f3af9cc125168975e3ea1a111f92efb705.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
f4debee839654168bc951377f49cb7f3af9cc125168975e3ea1a111f92efb705.exe
Resource
win10v2004-20240802-en
General
-
Target
4fece95c5138be47dc60bef4279def37.zip
-
Size
177KB
-
MD5
c01ca859a8ba4b5b43713f206c06036d
-
SHA1
c58bdf8ebecf2ca453dbac1363b06919030f7976
-
SHA256
20d18575cd105fb4081c0de2bb959303a7d18e8e1afee5dfd33728fdd223c23b
-
SHA512
064440faa196fbcbc2407d0459539fafc3cdccbf06cb6a84dfb53141b496fad2539a48670d99a97aae6960193810b02b20b28423fbcef8766ae1e7fd19b1226d
-
SSDEEP
3072:NOrhEGkefWdg2KHtU9+6EdFzMBeJLd+5SJzEWVO5Zx/q9qWxSD5op8:gGGkrg2KNUYTMBcZGizEWV2HqMWxu2a
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/f4debee839654168bc951377f49cb7f3af9cc125168975e3ea1a111f92efb705
Files
-
4fece95c5138be47dc60bef4279def37.zip.zip
Password: infected
-
f4debee839654168bc951377f49cb7f3af9cc125168975e3ea1a111f92efb705.exe windows:5 windows x86 arch:x86
Password: infected
848a7504f9e97d3a5e7cf95079b638a5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetCommandLineW
GetThreadContext
SearchPathW
SetInformationJobObject
FindFirstChangeNotificationW
lstrlenA
CopyFileExW
InterlockedIncrement
GetSystemWindowsDirectoryW
GetProfileStringW
SetConsoleScreenBufferSize
CallNamedPipeW
FreeEnvironmentStringsA
SetTapeParameters
CreateNamedPipeW
GetCompressedFileSizeW
SetCommState
CreateActCtxW
FindResourceExA
SetFileShortNameW
LoadLibraryW
SizeofResource
GetSystemWow64DirectoryW
HeapDestroy
CreateSemaphoreA
GetBinaryTypeA
GetModuleFileNameW
GetSystemDirectoryA
GetStartupInfoW
LCMapStringA
GetPrivateProfileIntW
GetLastError
SetLastError
GetProcAddress
SetStdHandle
LocalAlloc
GetNumberFormatW
FindAtomA
FindNextFileA
CreateIoCompletionPort
HeapSetInformation
GetCurrentDirectoryA
OutputDebugStringA
GetCPInfoExA
FindAtomW
DeleteFileW
GetSystemTime
InterlockedDecrement
DecodePointer
GetModuleHandleW
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
WriteFile
GetStdHandle
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
GetCurrentThreadId
TlsFree
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapValidate
IsBadReadPtr
HeapCreate
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
WriteConsoleW
OutputDebugStringW
MultiByteToWideChar
GetStringTypeW
LCMapStringW
HeapAlloc
GetModuleFileNameA
HeapReAlloc
HeapSize
HeapQueryInformation
HeapFree
IsProcessorFeaturePresent
FlushFileBuffers
ReadFile
RaiseException
CreateFileW
CloseHandle
Sections
.text Size: 114KB - Virtual size: 113KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 67KB - Virtual size: 4.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11.5MB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ