C:\ping_pong\win_client\Release\win_client.pdb
Static task
static1
Behavioral task
behavioral1
Sample
6047c9b88823b6c64e5644128d10cbb184cee0a3c6bc054a315f245098c71ed3.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
6047c9b88823b6c64e5644128d10cbb184cee0a3c6bc054a315f245098c71ed3.exe
Resource
win10v2004-20240802-en
General
-
Target
385ea544953072c160153ff1319014de.zip
-
Size
9KB
-
MD5
ad268949f85a4ab223e2ab1c8d3fd4e9
-
SHA1
9382648146b274b820a58c3633b6ea66f2e4e256
-
SHA256
d890a43f3b3dca47203c97da6842db06d71fe95b246ec1a0184aa731d866fefe
-
SHA512
7465ea7695382f1520044ce6f7a7b2b5a86e5b19d48306c6a336aa3dc9a422aada9c95501cd5e42731a328ba1e711251954e6e6d3fffaf6fedc1b966acd71aef
-
SSDEEP
192:RHjQMAFEMEvRoXNYl0U1AvEvNtn/4iR/ghQgAUfjTKGNv:FQMY+mdKR/fnXR/gCQCA
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/6047c9b88823b6c64e5644128d10cbb184cee0a3c6bc054a315f245098c71ed3
Files
-
385ea544953072c160153ff1319014de.zip.zip
Password: infected
-
6047c9b88823b6c64e5644128d10cbb184cee0a3c6bc054a315f245098c71ed3.exe windows:5 windows x86 arch:x86
Password: infected
432c342c05744facf1143abcda5d68c4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
Sleep
CreateProcessA
GetTempFileNameA
GetModuleFileNameA
CloseHandle
GetTempPathA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DecodePointer
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
EncodePointer
InterlockedCompareExchange
InterlockedExchange
HeapSetInformation
shell32
ShellExecuteA
ws2_32
inet_addr
WSAGetLastError
htons
WSAStartup
recv
socket
send
connect
WSACleanup
msvcr100
printf
fopen
fread
rand
srand
fwrite
ftell
fseek
fclose
_time64
_snprintf
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
exit
__initenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_invoke_watson
_controlfp_s
atoi
malloc
memset
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 916B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 436B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 686B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ