Static task
static1
Behavioral task
behavioral1
Sample
fd3099cb153543c3836ddc261cd56be7c92549a0a0a152c841799e850d2d5134.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
fd3099cb153543c3836ddc261cd56be7c92549a0a0a152c841799e850d2d5134.exe
Resource
win10v2004-20240802-en
General
-
Target
799ca44c0f470db4609a49741a81e190.zip
-
Size
176KB
-
MD5
9698db6e1583d6d93eacb150aa313ba3
-
SHA1
22272578b013a297949c0028bd9cd3705b87f5b7
-
SHA256
95877a3924865e29bcd4f947f44ea6224dbceb75528de1cc13487fff8c9bd546
-
SHA512
074a9bb7bafc742cc2f37190d9290a770f8849c841ec5e116fd9b1ece21bbc27ee73621a5c2658d539c915a5257baf2581655a773e8b8c4ea00e77ab40bb20f0
-
SSDEEP
3072:9IzXBw2QP89KfOW40DVu9n398AXGDSYyUFbIQ3gTwNBpssF5C4hNFVEvP9FO71yv:eX9QE6fu9N0hhIaSsBhyF01yBJ
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/fd3099cb153543c3836ddc261cd56be7c92549a0a0a152c841799e850d2d5134
Files
-
799ca44c0f470db4609a49741a81e190.zip.zip
Password: infected
-
fd3099cb153543c3836ddc261cd56be7c92549a0a0a152c841799e850d2d5134.exe windows:5 windows x86 arch:x86
Password: infected
f020e1a2feae651f7ce88318f285b500
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetModuleHandleA
GetProcAddress
VirtualAlloc
VirtualFree
VirtualProtect
user32
EndPaint
gdi32
BitBlt
advapi32
OpenProcessToken
shell32
ShellExecuteW
ws2_32
WSAStartup
Sections
UJHFFTRT Size: - Virtual size: 580KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UJHFFTRT Size: 178KB - Virtual size: 180KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE