C:\lepatepap-henihozesi-cuxaleluja.pdb
Static task
static1
Behavioral task
behavioral1
Sample
9d4f75a0010bb641b3429acee75c668c42b991c897a80d6ac4ffe84f2cea44c0.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
9d4f75a0010bb641b3429acee75c668c42b991c897a80d6ac4ffe84f2cea44c0.exe
Resource
win10v2004-20240802-en
General
-
Target
8ef57b0ee52ad8d343c5febce2c3caf3.zip
-
Size
7.3MB
-
MD5
d9bc5f20e9ac28ddc0b3214d89554d04
-
SHA1
2a0438d458e17187ed7e681114882ed3f6591125
-
SHA256
730b0be8bf7b5c2c19c83650efcc341ecaf6e9c02e5ef7fe0ce5fb4a00a54007
-
SHA512
20e370e7ebbd929326058f0d3d3993509e2dbe14013fe3c4f87bb989301a78b54a8f47dc9921cafee9a534d747fd36b7d20c867d391ee6c283be0ad708927704
-
SSDEEP
196608:RiZcvoXtY7Ac5cZVda3bMPPMA5SG8reAb2gOfRK4:RiZcvn9cZVbb5SGs2gef
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/9d4f75a0010bb641b3429acee75c668c42b991c897a80d6ac4ffe84f2cea44c0
Files
-
8ef57b0ee52ad8d343c5febce2c3caf3.zip.zip
Password: infected
-
9d4f75a0010bb641b3429acee75c668c42b991c897a80d6ac4ffe84f2cea44c0.exe windows:5 windows x86 arch:x86
Password: infected
8d7835f3c937376951e2e2f5305d0788
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
lstrlenA
HeapAlloc
EndUpdateResourceW
GetQueuedCompletionStatus
ReadConsoleA
GetCurrentProcess
SetEvent
SleepEx
BackupSeek
GetEnvironmentStrings
InitAtomTable
HeapDestroy
GetFileAttributesA
FindNextVolumeW
IsProcessorFeaturePresent
GetTapePosition
WriteConsoleW
GetModuleFileNameW
ReleaseSemaphore
DeactivateActCtx
InterlockedExchange
GetProcAddress
BeginUpdateResourceW
GetProcessVersion
LocalAlloc
RemoveDirectoryW
SetConsoleWindowInfo
GetModuleHandleA
GetConsoleTitleW
VirtualProtect
SetProcessShutdownParameters
GetCurrentProcessId
FindNextVolumeA
lstrcpyA
CreateFileW
HeapSize
GetCommandLineW
HeapSetInformation
GetStartupInfoW
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
GetLastError
HeapFree
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetCurrentThreadId
CloseHandle
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
HeapCreate
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
Sleep
SetStdHandle
FlushFileBuffers
RtlUnwind
LCMapStringW
MultiByteToWideChar
GetStringTypeW
LoadLibraryW
HeapReAlloc
RaiseException
Exports
Exports
@GetFirstVice@8
@SetViceVariants@12
Sections
.text Size: 99KB - Virtual size: 98KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.religi Size: 1024B - Virtual size: 624B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.budih Size: 512B - Virtual size: 23B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 10.8MB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ