Static task: static1
Behavioral task: behavioral1
Sample: 2c7aeac07ce7f03b74952e0e243bd52f2bfa60fadc92dd71a6a1fee2d14cdd77.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 2c7aeac07ce7f03b74952e0e243bd52f2bfa60fadc92dd71a6a1fee2d14cdd77.exe
Resource: win10v2004-20240802-en
General
- Target: 9667b999dd4f2c2839ab0e364c345c79f8915543fe31a51c75d22dcaba8d2d0e
- Size: 432KB
- MD5: fb4c2f11588ed6d8fd98ad8b85b9bcba
- SHA1: f88e9ebaea6f6bd199dcfdc4e2a92ebb9a8bc3cb
- SHA256: 9667b999dd4f2c2839ab0e364c345c79f8915543fe31a51c75d22dcaba8d2d0e
- SHA512: ee780591bd891eb59c8885c3286c058430763e485857c3533116f9b39aa83fb162dc8316a05119a7b702cbac3dfacc0bcaac18894b37f06cdf0878fa1a9b29ee
- SSDEEP: 12288:DDax52tGBKG/anmiqzl+tcxaVc7iAPRC2Jmz0u:DDax5KGBKoYtcEVc7iO/o
Malware Config
Signatures
- Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  Processes:
  resource unpack001/2c7aeac07ce7f03b74952e0e243bd52f2bfa60fadc92dd71a6a1fee2d14cdd77.exe
Files
- 9667b999dd4f2c2839ab0e364c345c79f8915543fe31a51c75d22dcaba8d2d0e.zip
  Password: infected
- 2c7aeac07ce7f03b74952e0e243bd52f2bfa60fadc92dd71a6a1fee2d14cdd77.exe.exe windows:5 windows x86 arch:x86
  6fd46d89daada6463cf89e7dd1e015d2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
InterlockedExchange
EnterCriticalSection
InterlockedDecrement
LeaveCriticalSection
GetLastError
TlsAlloc
InterlockedExchangeAdd
LocalFree
InterlockedIncrement
TlsFree
FormatMessageA
ReadFile
GetFileSizeEx
WriteFile
GetCurrentThreadId
CreateFileA
CloseHandle
CreateFileW
GetDriveTypeW
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetCommandLineW
GetStdHandle
WriteConsoleA
Sleep
GetConsoleMode
GetFileAttributesA
GetSystemInfo
GetCurrentProcessId
WaitForSingleObject
OpenProcess
TlsSetValue
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
CreateEventW
SetEvent
TerminateThread
ResetEvent
QueueUserAPC
DeleteCriticalSection
SleepEx
TlsGetValue
GetLogicalDriveStringsA
SetEndOfFile
HeapSize
WriteConsoleW
SetStdHandle
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
HeapReAlloc
GetTimeZoneInformation
SetFilePointerEx
ReadConsoleW
EnumSystemLocalesW
FormatMessageW
WideCharToMultiByte
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
AreFileApisANSI
SetLastError
GetModuleHandleW
GetProcAddress
MoveFileExW
MultiByteToWideChar
TryEnterCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
GetStringTypeW
DuplicateHandle
WaitForSingleObjectEx
GetCurrentProcess
SwitchToThread
GetCurrentThread
GetExitCodeThread
EncodePointer
DecodePointer
RaiseException
GetSystemTimeAsFileTime
GetTickCount
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
RtlUnwind
ExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
GetACP
HeapAlloc
HeapFree
GetFileType
FlushFileBuffers
GetConsoleCP
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
shell32
CommandLineToArgvW
ole32
CoCreateInstance
CoInitializeEx
CoSetProxyBlanket
CoUninitialize
oleaut32
VariantClear
VariantInit
SysFreeString
SysAllocString
ws2_32
WSACleanup
WSAStartup
shlwapi
PathIsNetworkPathW
mpr
WNetGetConnectionW
Sections
.text Size: 661KB - Virtual size: 660KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 147KB - Virtual size: 147KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 34KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ