C:\wofo.pdb
Static task
static1
Behavioral task
behavioral1
Sample
d29a3b017f6a864c855fca570073d822bb37a77006467b8a75f04ce7edcbfedc.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
d29a3b017f6a864c855fca570073d822bb37a77006467b8a75f04ce7edcbfedc.exe
Resource
win10v2004-20240802-en
General
-
Target
dc63c79c3f7bc083812b8e8f47c44902.zip
-
Size
192KB
-
MD5
2e1d4419d0bba44d6b13acf7daf4fd7e
-
SHA1
2bb303efc6233efaa374b5bbe61124f9d93a2319
-
SHA256
1806e405c12737768f8c99f5e04d781920b2585283d82ff0683203fe5d991eda
-
SHA512
321dcd7ade31e535822f4e6082481891630a579c2fb3884da4f76d7cf53383d7aef61745f75a2412aa45ae4fa28271b326e2fd694a5397967155a28bf007cf9b
-
SSDEEP
6144:V/72CwV75xp56SjNjmWLHNIFaUTTdKAXjl:pw5T1jRmWLHNIFaUTTdVzl
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/d29a3b017f6a864c855fca570073d822bb37a77006467b8a75f04ce7edcbfedc
Files
-
dc63c79c3f7bc083812b8e8f47c44902.zip.zip
Password: infected
-
d29a3b017f6a864c855fca570073d822bb37a77006467b8a75f04ce7edcbfedc.exe windows:5 windows x86 arch:x86
Password: infected
b6fc451038266fcf59b2e92a5ee2c7df
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetThreadContext
UnregisterWait
DosDateTimeToFileTime
FindFirstChangeNotificationW
CopyFileExW
TlsGetValue
CallNamedPipeA
HeapAlloc
SetWaitableTimer
InterlockedIncrement
InterlockedDecrement
GlobalLock
GetProfileStringW
FreeEnvironmentStringsA
CreateNamedPipeW
LocalFlags
GetCompressedFileSizeW
SetCommState
GetCommandLineA
SetProcessPriorityBoost
GetSystemTimes
ActivateActCtx
GlobalAlloc
GetPrivateProfileIntA
GetSystemDirectoryW
GetVolumeInformationA
LoadLibraryW
TerminateThread
LeaveCriticalSection
VerifyVersionInfoA
IsDBCSLeadByte
lstrlenW
LCMapStringA
InterlockedExchange
GetStartupInfoA
SetThreadLocale
GetCPInfoExW
GetLastError
SetLastError
GetProcAddress
SetStdHandle
DisableThreadLibraryCalls
LoadLibraryA
WritePrivateProfileStringA
FindAtomA
GetModuleFileNameA
WriteProfileStringA
GetThreadPriority
CreateIoCompletionPort
GetModuleHandleA
QueryMemoryResourceNotification
HeapSetInformation
FreeEnvironmentStringsW
FindNextFileW
GetCurrentDirectoryA
GetCurrentThreadId
LocalSize
EnumResourceLanguagesW
GetSystemTime
GetProfileSectionW
GetStartupInfoW
HeapValidate
IsBadReadPtr
RaiseException
EnterCriticalSection
GetFileType
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetModuleHandleW
Sleep
ExitProcess
TlsAlloc
TlsSetValue
TlsFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
RtlUnwind
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
DeleteCriticalSection
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStdHandle
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapSize
HeapReAlloc
VirtualAlloc
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
SetFilePointer
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
DebugBreak
OutputDebugStringA
OutputDebugStringW
LCMapStringW
CreateFileA
CloseHandle
FlushFileBuffers
Sections
.text Size: 111KB - Virtual size: 110KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 34KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 67KB - Virtual size: 122KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 14.3MB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ