Static task
static1
Behavioral task
behavioral1
Sample
3f2677a0956d7fee1f1feeebaaae3fffab3cee42e6e12b6e6bfdd8167c9d1619.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
3f2677a0956d7fee1f1feeebaaae3fffab3cee42e6e12b6e6bfdd8167c9d1619.exe
Resource
win10v2004-20240802-en
General
-
Target
655226e5d9239a83249cd3d6906b9aa2.zip
-
Size
1.7MB
-
MD5
df30ac6e1b3db8efd1c1a6c478c1538a
-
SHA1
ea5ba3f13396c171cb72a7d5700b571dcd5c5d6f
-
SHA256
c86331bb4c728f1d07a7c466478dc540f0e0c29b1f7f6647be5a295bc5f28e56
-
SHA512
702fff6a156af90b6a21481ce0a93c848c3ce1bd659b6aa39953ed2a0121287cdb58737a98aa5aecdc32bed0233072a48544fceab7bf73d9b7191bf686d77987
-
SSDEEP
49152:t/A+dyssc9xK+8ESPd24A+PJ992LjR0Avf6uYIGYOE:J9ys19xH8Eg44399OjR0AH6fInH
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/3f2677a0956d7fee1f1feeebaaae3fffab3cee42e6e12b6e6bfdd8167c9d1619
Files
-
655226e5d9239a83249cd3d6906b9aa2.zip.zip
Password: infected
-
3f2677a0956d7fee1f1feeebaaae3fffab3cee42e6e12b6e6bfdd8167c9d1619.exe windows:5 windows x86 arch:x86
Password: infected
95122753ea27818b35f9b51859e4c692
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
VirtualProtect
Sleep
GetCurrentProcessId
GetCurrentThreadId
GetModuleHandleW
lstrlenW
WideCharToMultiByte
MoveFileExW
GetTempFileNameW
GetTempPathW
DeleteFileW
MoveFileW
WriteFile
ReadFile
GetFileSize
CreateFileW
SetFileAttributesW
GetModuleFileNameW
GetComputerNameA
GetSystemTime
RaiseException
RtlUnwind
HeapAlloc
HeapFree
GetCommandLineW
HeapSetInformation
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
TlsAlloc
TlsGetValue
TlsSetValue
InterlockedIncrement
SetLastError
InterlockedDecrement
ExitProcess
GetStdHandle
HeapCreate
HeapDestroy
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
HeapReAlloc
HeapSize
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
MultiByteToWideChar
GetStringTypeW
SetStdHandle
WriteConsoleW
SetEndOfFile
GetProcessHeap
CloseHandle
GetLastError
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcess
GetModuleHandleA
CreateProcessW
LoadLibraryW
SystemTimeToFileTime
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
LoadLibraryA
TlsFree
GetProcAddress
user32
FlashWindow
advapi32
CreateServiceW
RegCreateKeyExW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
ChangeServiceConfigW
StartServiceW
CloseServiceHandle
RegCloseKey
RegOpenKeyExW
CryptAcquireContextW
CryptReleaseContext
GetUserNameW
GetUserNameA
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegQueryValueExW
RegSetValueExW
shell32
ShellExecuteW
SHGetSpecialFolderPathW
shlwapi
PathIsRootW
PathAddExtensionW
PathAppendW
PathRemoveExtensionW
PathFileExistsW
Sections
.text Size: 339KB - Virtual size: 338KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 355KB - Virtual size: 354KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ