C:\zucafupoto\vidar35\fagufidoto\xonajijiti-vuyekeneh\nunoxor.pdb
Static task
static1
Behavioral task
behavioral1
Sample
55c01c3e351dc7e3c3d567bba01150e42314c51328b0e164963abcdf549f975a.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
55c01c3e351dc7e3c3d567bba01150e42314c51328b0e164963abcdf549f975a.exe
Resource
win10v2004-20240802-en
General
-
Target
ab9e5ea06c7a9b6d7aef25faecc2e201.zip
-
Size
403KB
-
MD5
dad0a1223e26a6c79d1b5dbd783794c2
-
SHA1
ff96633d901f2075b7cc6ea42c7004418180c5cb
-
SHA256
6e3d9e1503309cab4f0ef335a55264eb04dec4455cfa5b778ccfc0dfd50ed06c
-
SHA512
27b3e43ae2f5aa1bce9e939f2943221c30121888a37fb4cb08375c54f4c3c874ed16afd65a2c17bd7dbb9ed5af546d511f620db321efe2a2ef5b737c299aadd7
-
SSDEEP
12288:AVzrqMm8kW9KHXFJa/FTx0X3xi0U2nPfkP1Q:8QJW9Kfa/FVcUIPK1Q
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/55c01c3e351dc7e3c3d567bba01150e42314c51328b0e164963abcdf549f975a
Files
-
ab9e5ea06c7a9b6d7aef25faecc2e201.zip.zip
Password: infected
-
55c01c3e351dc7e3c3d567bba01150e42314c51328b0e164963abcdf549f975a.exe windows:5 windows x86 arch:x86
Password: infected
6a88739b00d2f75a49bbb4078e077ebf
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetSystemDefaultLangID
ExitProcess
GetConsoleAliasesLengthW
GetCPInfo
InterlockedDecrement
AddConsoleAliasW
FreeEnvironmentStringsA
GetModuleHandleW
GetTickCount
SetFileTime
CreateActCtxW
GlobalAlloc
GetConsoleMode
TerminateThread
GetVersionExW
IsBadWritePtr
FileTimeToSystemTime
LocalHandle
GetEnvironmentVariableA
CompareStringW
lstrlenW
VerifyVersionInfoW
GetStartupInfoA
FindFirstFileExA
GetCurrentDirectoryW
GetLongPathNameW
SetLastError
GetProcAddress
WriteProfileSectionA
CopyFileA
GlobalGetAtomNameA
SearchPathA
ProcessIdToSessionId
OpenWaitableTimerW
MoveFileA
SetCurrentDirectoryW
WriteProfileSectionW
GetModuleFileNameA
WriteProfileStringA
GetModuleHandleA
GetProcessShutdownParameters
FreeEnvironmentStringsW
SetFileShortNameA
TlsAlloc
GetWindowsDirectoryW
DeleteFileW
LocalFileTimeToFileTime
GetStartupInfoW
HeapValidate
IsBadReadPtr
RaiseException
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
InterlockedIncrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsSetValue
GetCurrentThreadId
TlsFree
GetLastError
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
GetEnvironmentStringsW
GetCommandLineW
HeapDestroy
HeapCreate
HeapFree
VirtualFree
WriteFile
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
SetFilePointer
WideCharToMultiByte
GetConsoleCP
InitializeCriticalSectionAndSpinCount
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
LoadLibraryW
RtlUnwind
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetLocaleInfoA
LoadLibraryA
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CloseHandle
CreateFileA
Sections
.text Size: 479KB - Virtual size: 478KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 41.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 82KB - Virtual size: 81KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ