Static task: static1
Behavioral task: behavioral1
Sample: 4ce69d1899f718801d2b33175fad0039e824be5500880372d56852e44c160a01.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 4ce69d1899f718801d2b33175fad0039e824be5500880372d56852e44c160a01.exe
Resource: win10v2004-20240802-en
General
Target: 4ce69d1899f718801d2b33175fad0039e824be5500880372d56852e44c160a01
Size: 3.7MB
MD5: 393b6bd31136f9dc28652e1688e51c40
SHA1: 3961716ad114b693b701426f65ead98b5fc4be64
SHA256: 4ce69d1899f718801d2b33175fad0039e824be5500880372d56852e44c160a01
SHA512: a6b7e6e821d01ef578a4cd8f03c7f5a46df22b912c15f7fa285fe9fd647add702ac270efdd80256dbf45c816dfb19c765f4a82dd79079f515c4371c1f189e41c
SSDEEP: 98304:vjnMtUt6ypcewasEPuCJptZZSdaPxA9QzlWcW3bWljxxysPls/aMbyE:vjzt6ypAasEPuCftZZSdaPxA9QzlWcWH
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 4ce69d1899f718801d2b33175fad0039e824be5500880372d56852e44c160a01
Files
4ce69d1899f718801d2b33175fad0039e824be5500880372d56852e44c160a01.exe windows:4 windows x86 arch:x86
4db8105c47f8bf6911296032422e78be
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
connect
closesocket
recv
ntohl
select
__WSAFDIsSet
setsockopt
send
shutdown
getpeername
inet_ntoa
getsockname
WSAAsyncSelect
bind
listen
WSAAsyncGetHostByName
gethostbyname
WSAGetLastError
gethostname
WSAStartup
socket
inet_addr
htons
WSACleanup
winmm
timeBeginPeriod
timeGetDevCaps
timeEndPeriod
timeGetTime
imm32
ImmReleaseContext
ImmGetContext
ImmGetCandidateListA
ImmGetDescriptionA
ImmIsIME
ImmGetCompositionStringA
ddraw
DirectDrawCreateEx
DirectDrawEnumerateExA
dsound
ord1
kernel32
LeaveCriticalSection
TerminateThread
EnterCriticalSection
SetUnhandledExceptionFilter
CreateProcessA
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameA
Process32Next
Process32First
CreateToolhelp32Snapshot
OpenProcess
FreeResource
SizeofResource
QueryPerformanceCounter
QueryPerformanceFrequency
ExitProcess
ReleaseMutex
CreateMutexA
GetPrivateProfileStringA
GetVersion
CreateDirectoryA
GetFileAttributesA
GetACP
GetCommandLineW
GetExitCodeThread
WaitForSingleObject
GetSystemTime
ExitThread
lstrcpyA
lstrcatA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
GetPrivateProfileIntA
GlobalUnlock
WriteProcessMemory
GetModuleHandleA
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryExW
Module32First
Sleep
FindFirstFileA
CreateEventA
GetPrivateProfileSectionA
GetPrivateProfileSectionNamesA
WritePrivateProfileStringA
GlobalAlloc
GlobalFree
LCMapStringA
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetFileType
SetHandleCount
GetOEMCP
SetConsoleCtrlHandler
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
DeleteCriticalSection
HeapDestroy
GetEnvironmentVariableA
HeapFree
HeapReAlloc
HeapAlloc
CompareStringW
CompareStringA
GetCPInfo
LCMapStringW
FatalAppExitA
GetCommandLineA
GetStartupInfoA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetTimeZoneInformation
GetStdHandle
DebugBreak
RaiseException
RtlUnwind
HeapValidate
IsBadWritePtr
InterlockedExchange
GetUserDefaultLCID
DeviceIoControl
GetSystemInfo
VirtualQuery
FlushFileBuffers
VirtualAlloc
VirtualFree
GetFullPathNameA
UnhandledExceptionFilter
InterlockedDecrement
InterlockedIncrement
GetCurrentThread
DuplicateHandle
FindNextFileA
SetFileAttributesA
lstrcpynA
VirtualProtectEx
VirtualAllocEx
CreateRemoteThread
VirtualFreeEx
GetSystemDirectoryA
ReadProcessMemory
IsBadReadPtr
SuspendThread
FlushInstructionCache
ResumeThread
LocalAlloc
LocalFree
GetLastError
GetLocalTime
IsDBCSLeadByte
GetVersionExA
LoadLibraryA
OutputDebugStringA
GetProcAddress
FreeLibrary
WriteFile
GetFileSize
SetFilePointer
ReadFile
lstrlenA
DeleteFileA
CreateFileA
CloseHandle
InitializeCriticalSection
CreateThread
FindResourceA
LoadResource
LockResource
HeapCreate
GlobalLock
GetEnvironmentStringsW
IsValidLocale
IsValidCodePage
TerminateProcess
Module32Next
CreateFileMappingA
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
IsBadCodePtr
EnumSystemLocalesA
FindClose
SetStdHandle
SetEndOfFile
SetEnvironmentVariableA
GetLocaleInfoW
user32
DialogBoxParamA
CreateIconFromResource
IntersectRect
UnionRect
LoadCursorFromFileA
GetKeyboardLayout
GetParent
EnumWindows
GetWindowThreadProcessId
FindWindowExA
SetTimer
SetWindowTextA
GetWindowTextA
wsprintfA
GetActiveWindow
DestroyCursor
RegisterClassA
ShowCursor
SetFocus
CallNextHookEx
GetClientRect
ClientToScreen
IsIconic
GetKeyboardLayoutNameA
GetUpdateRect
LoadIconA
LoadCursorA
RegisterClassExA
CreateWindowExA
UpdateWindow
EnumDisplaySettingsA
ChangeDisplaySettingsA
PostQuitMessage
DestroyWindow
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
WaitMessage
PostMessageA
LoadBitmapA
BeginPaint
EndPaint
InvalidateRect
DefWindowProcA
GetDC
ReleaseDC
GetAsyncKeyState
SendMessageA
OpenClipboard
GetClipboardData
CloseClipboard
SetCursor
LoadImageA
FillRect
SetRect
GetSystemMetrics
GetWindowRect
FindWindowA
SetWindowPos
OffsetRect
PtInRect
MessageBoxA
wvsprintfA
MessageBeep
EndDialog
GetDlgItem
SetWindowLongA
GetWindowLongA
ShowWindow
gdi32
SetTextAlign
EnumFontFamiliesExA
CreateDIBSection
StretchBlt
GetDeviceCaps
Rectangle
CreatePen
CreatePatternBrush
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
AddFontResourceA
CreateFontA
ExtTextOutA
GetGlyphOutlineA
GetObjectA
DeleteDC
CreateSolidBrush
GetStockObject
MoveToEx
LineTo
DeleteObject
CreateFontIndirectA
GetTextMetricsA
GetTextExtentPoint32A
GetPixel
SetPixel
SelectObject
SetBkColor
SetBkMode
SetTextColor
TextOutA
shell32
ShellExecuteA
CommandLineToArgvW
ole32
CoInitialize
CoCreateInstance
CoUninitialize
mydivx
??0OGGAudio@@QAE@XZ
?SoundOGGSetVolume@OGGAudio@@QAEJJ@Z
?SoundOGGSetPosition@OGGAudio@@QAEJMMM@Z
InitOGGSoundSystem
QuitOGGSoundSystem
?PlayOGGAudio@OGGAudio@@QAEHPADNHNHMMM@Z
?Init@OGGAudio@@QAEJXZ
??1OGGAudio@@QAE@XZ
?SoundOGGVolume@OGGAudio@@QAEJJJ@Z
gOGGDSoundInfo
?StopOGGAudio@OGGAudio@@QAEHXZ
wininet
HttpOpenRequestA
InternetConnectA
InternetOpenA
HttpSendRequestExA
imagehlp
CheckSumMappedFile
advapi32
ControlService
DeleteService
OpenServiceA
StartServiceA
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegFlushKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
Sections
.text Size: 3.1MB - Virtual size: 3.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 88KB - Virtual size: 86KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 348KB - Virtual size: 6.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 4KB - Virtual size: 196B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data1 Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 168KB - Virtual size: 165KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ