c:\Common\sand\Hundred\Ship\Whose\Observe\Sure\Force.pdb
Static task
static1
Behavioral task
behavioral1
Sample
f4cea8a52aa64b95c9d0bf6c3396a1b0N.dll
Resource
win7-20240903-en
General
Target
f4cea8a52aa64b95c9d0bf6c3396a1b0N.exe
Size
188KB
MD5
f4cea8a52aa64b95c9d0bf6c3396a1b0
SHA1
397b1dadfa55af99d845e5b4c4f2fcb76f814816
SHA256
1ba120d35654b6bd0559147c467d063c0e5c484c5940ac6505953a32d8fef917
SHA512
bfaa8794dd2cf96574232c20a0025058f8ca21a9cd7b4c361b4ec11d563ae978b4702a6d1ad598974cd7646696c839532a741006d797bcdf2532ae015b09b010
SSDEEP
3072:AibFFA003t401K/EKK0LKA7/D5N+gHPVcbW6GGix93yYDB:AIo3DAs0L1VXafix9P
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource f4cea8a52aa64b95c9d0bf6c3396a1b0N.exe
Files
f4cea8a52aa64b95c9d0bf6c3396a1b0N.exe.dll windows:4 windows x86 arch:x86
9469d9ffd6c0e6624172e5e7db5595ea
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
CreateFileA
QueryPerformanceCounter
GetWindowsDirectoryA
GetDateFormatA
OpenProcess
Sleep
SizeofResource
CreateProcessA
GetEnvironmentVariableA
RemoveDirectoryA
SetFileAttributesA
GetModuleHandleA
FindFirstChangeNotificationA
VirtualProtect
GetCurrentThreadId
GetVersionExA
GetSystemTime
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
CloseHandle
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
GetCPInfo
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetFileType
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
SetStdHandle
SetHandleCount
GetStdHandle
GetStartupInfoA
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
VirtualAlloc
HeapReAlloc
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
HeapSize
GetACP
GetOEMCP
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetEndOfFile
ReadFile
LoadLibraryA
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
Sections
.text Size: 108KB - Virtual size: 104KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 28KB - Virtual size: 3.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ