Static task
static1
Behavioral task
behavioral1
Sample
8c11ecb04f8147b5a36a899d6ee194cdd28f25c451b55c3fa834192f786a7f45.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
8c11ecb04f8147b5a36a899d6ee194cdd28f25c451b55c3fa834192f786a7f45.exe
Resource
win10v2004-20240802-en
General
-
Target
a39636fe18e3864a40c492093bdff642.zip
-
Size
1.7MB
-
MD5
d87192ce1c43ee704ea5471825030fc9
-
SHA1
d907deeaf18356228c8623159fbf971f06478fa3
-
SHA256
9d7428e7793d875be0aae8050dbaa749df4a57d5af90ca3dc824bc1c4a79d575
-
SHA512
314600e9432dee4a97fdbfeb470f2014c24ce40f6e7c92d51e5cc872937e8ae88d0708e4f1d221958447990ddcdeac9e75203dd65203649b7ef3509a2963456e
-
SSDEEP
49152:IJohaU9UI/wagHkw4NTayCuW9y2EwRylN+e:ww9Z/wZHkRTayHW9ClN+e
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/8c11ecb04f8147b5a36a899d6ee194cdd28f25c451b55c3fa834192f786a7f45
Files
-
a39636fe18e3864a40c492093bdff642.zip.zip
Password: infected
-
8c11ecb04f8147b5a36a899d6ee194cdd28f25c451b55c3fa834192f786a7f45.exe windows:5 windows x86 arch:x86
Password: infected
95122753ea27818b35f9b51859e4c692
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
VirtualProtect
Sleep
GetCurrentProcessId
GetCurrentThreadId
GetModuleHandleW
lstrlenW
WideCharToMultiByte
MoveFileExW
GetTempFileNameW
GetTempPathW
DeleteFileW
MoveFileW
WriteFile
ReadFile
GetFileSize
CreateFileW
SetFileAttributesW
GetModuleFileNameW
GetComputerNameA
GetSystemTime
RaiseException
RtlUnwind
HeapAlloc
HeapFree
GetCommandLineW
HeapSetInformation
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
TlsAlloc
TlsGetValue
TlsSetValue
InterlockedIncrement
SetLastError
InterlockedDecrement
ExitProcess
GetStdHandle
HeapCreate
HeapDestroy
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
HeapReAlloc
HeapSize
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
MultiByteToWideChar
GetStringTypeW
SetStdHandle
WriteConsoleW
SetEndOfFile
GetProcessHeap
CloseHandle
GetLastError
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcess
GetModuleHandleA
CreateProcessW
LoadLibraryW
SystemTimeToFileTime
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
LoadLibraryA
TlsFree
GetProcAddress
user32
FlashWindow
advapi32
CreateServiceW
RegCreateKeyExW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
ChangeServiceConfigW
StartServiceW
CloseServiceHandle
RegCloseKey
RegOpenKeyExW
CryptAcquireContextW
CryptReleaseContext
GetUserNameW
GetUserNameA
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegQueryValueExW
RegSetValueExW
shell32
ShellExecuteW
SHGetSpecialFolderPathW
shlwapi
PathIsRootW
PathAddExtensionW
PathAppendW
PathRemoveExtensionW
PathFileExistsW
Sections
.text Size: 339KB - Virtual size: 338KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 355KB - Virtual size: 354KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ