snmptrap.pdb
Static task
static1
Behavioral task
behavioral1
Sample
063141e23760a9c8ba910f903d9d1558362563c98d972cb63557e8e6be9aabd8.exe
Resource
win10v2004-20240802-en
General
-
Target
2a84f725460639332392e5aa2b689fd6.zip
-
Size
264KB
-
MD5
c2720c8e20f9a76016a0ff56a95a8ec4
-
SHA1
248f2766d88471aa6acb3754f47ae0b21e58924e
-
SHA256
f42c23fa242726d11842f716b1af893b0b922fc1dce7100ac7a402ea7ea1ece4
-
SHA512
d16e4a8070244c03fd229b1fa35e3ce25904405995a35dcd56c7cb8a4be2c97bf4a24d140530a240955599a7f91e1c13511a8bb1982fa8e057a6ea9b21f3179a
-
SSDEEP
6144:FhZn+RoJYiEK2aHDjzx7kdiCLdBcP17jPE4NOqZT:FhZn+iJYiEXafx79CLdBcP1lZT
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/063141e23760a9c8ba910f903d9d1558362563c98d972cb63557e8e6be9aabd8
Files
-
2a84f725460639332392e5aa2b689fd6.zip.zip
Password: infected
-
063141e23760a9c8ba910f903d9d1558362563c98d972cb63557e8e6be9aabd8.exe windows:10 windows x64 arch:x64
Password: infected
1b8b61707212b76df87fb8e972f18842
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
advapi32
AddAccessAllowedAce
GetLengthSid
StartServiceCtrlDispatcherW
InitializeAcl
InitializeSecurityDescriptor
FreeSid
RegisterServiceCtrlHandlerW
SetServiceStatus
AllocateAndInitializeSid
SetSecurityDescriptorDacl
kernel32
EnterCriticalSection
GetCommandLineW
WriteFile
CreateNamedPipeW
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
DisconnectNamedPipe
CreateEventW
GetLastError
SetEvent
GlobalAlloc
GlobalFree
CloseHandle
HeapSetInformation
ResetEvent
GetOverlappedResult
DeleteCriticalSection
GetTickCount
RegisterApplicationRestart
ConnectNamedPipe
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
Sleep
TerminateProcess
msvcrt
?terminate@@YAXXZ
_fmode
_initterm
__setusermatherr
_cexit
_exit
__getmainargs
_amsg_exit
_XcptFilter
_beginthreadex
exit
__C_specific_handler
_commode
__set_app_type
memset
ws2_32
WSACleanup
__WSAFDIsSet
FreeAddrInfoW
bind
closesocket
select
WSAGetLastError
ioctlsocket
htons
recvfrom
GetAddrInfoW
socket
WSAStartup
Sections
.text Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 300B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 396KB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ