Static task
static1
Behavioral task
behavioral1
Sample
51cdcfad583c42df21bdeb77a098873332dba9d81c9b2014c5a1e2a6a952ae89.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
51cdcfad583c42df21bdeb77a098873332dba9d81c9b2014c5a1e2a6a952ae89.exe
Resource
win10v2004-20240802-en
General
-
Target
235508958b14229fc7cd4072ea643985.zip
-
Size
1.7MB
-
MD5
4f6b229f1bf7531c0bef8d6d9f4138df
-
SHA1
cce7bc94ed24eb4b61383bf041bd3f017b867c11
-
SHA256
10741c6e5911f75cad32814c6d0ce652f99c0f01afb11c0d9923c2cafe9363b9
-
SHA512
3a7b8380d8795c4bd59770358a7b7ca2f0f830fe2497aaa0b9498e84fdaa24dedbd3bc8202b986a3774a695499d28de1c76e858fa39ca70e708b670eb86edf93
-
SSDEEP
49152:kK+heiN6tBug6TW7o/bb/zgjIebDSjGYmWlu:kre0sug6Njb/0jIebDSCYmEu
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/51cdcfad583c42df21bdeb77a098873332dba9d81c9b2014c5a1e2a6a952ae89
Files
-
235508958b14229fc7cd4072ea643985.zip.zip
Password: infected
-
51cdcfad583c42df21bdeb77a098873332dba9d81c9b2014c5a1e2a6a952ae89.exe windows:5 windows x86 arch:x86
Password: infected
95122753ea27818b35f9b51859e4c692
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
VirtualProtect
Sleep
GetCurrentProcessId
GetCurrentThreadId
GetModuleHandleW
lstrlenW
WideCharToMultiByte
MoveFileExW
GetTempFileNameW
GetTempPathW
DeleteFileW
MoveFileW
WriteFile
ReadFile
GetFileSize
CreateFileW
SetFileAttributesW
GetModuleFileNameW
GetComputerNameA
GetSystemTime
RaiseException
RtlUnwind
HeapAlloc
HeapFree
GetCommandLineW
HeapSetInformation
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
TlsAlloc
TlsGetValue
TlsSetValue
InterlockedIncrement
SetLastError
InterlockedDecrement
ExitProcess
GetStdHandle
HeapCreate
HeapDestroy
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
HeapReAlloc
HeapSize
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
MultiByteToWideChar
GetStringTypeW
SetStdHandle
WriteConsoleW
SetEndOfFile
GetProcessHeap
CloseHandle
GetLastError
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcess
GetModuleHandleA
CreateProcessW
LoadLibraryW
SystemTimeToFileTime
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
LoadLibraryA
TlsFree
GetProcAddress
user32
FlashWindow
advapi32
CreateServiceW
RegCreateKeyExW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
ChangeServiceConfigW
StartServiceW
CloseServiceHandle
RegCloseKey
RegOpenKeyExW
CryptAcquireContextW
CryptReleaseContext
GetUserNameW
GetUserNameA
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegQueryValueExW
RegSetValueExW
shell32
ShellExecuteW
SHGetSpecialFolderPathW
shlwapi
PathIsRootW
PathAddExtensionW
PathAppendW
PathRemoveExtensionW
PathFileExistsW
Sections
.text Size: 339KB - Virtual size: 338KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 355KB - Virtual size: 354KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ