Static task: static1
Behavioral task: behavioral1
  Sample: 198cfb15fb19d39c268055e6162ad0c4145f6e4eb39ca0669717e689d2e25e8c.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 198cfb15fb19d39c268055e6162ad0c4145f6e4eb39ca0669717e689d2e25e8c.exe
  Resource: win10v2004-20240802-en
General
Target: 198cfb15fb19d39c268055e6162ad0c4145f6e4eb39ca0669717e689d2e25e8c.exe
Size: 1.4MB
MD5: 00465490b449aa57d0e1ac7cba51af72
SHA1: e38c11a5f091182f2e5a6c432609f9d94e9c30f5
SHA256: 198cfb15fb19d39c268055e6162ad0c4145f6e4eb39ca0669717e689d2e25e8c
SHA512: fae05f81c3ca2619e20a33d83f5dd868f7b189539e04a09eac83e2ecfd876dc30da11de9f9b3fbf094b44a9eea3d88b725d87d6a8f8387afdaf2ebeec67ebb82
SSDEEP: 24576:Hou10+rz8ZczgG/l34KLem5IOa5+agTWy0Mo:HX1Mc16NxaiZ
Malware Config
Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature.
  resource: 198cfb15fb19d39c268055e6162ad0c4145f6e4eb39ca0669717e689d2e25e8c.exe
Files
198cfb15fb19d39c268055e6162ad0c4145f6e4eb39ca0669717e689d2e25e8c.exe.exe
  Type: windows:6 windows x64, arch: x64
  Import hash: 0f535e6ba576db6e12644a3b2a593597
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
GetFileType
GetLogicalDrives
LockFile
ReadFile
ReadFileEx
RemoveDirectoryA
SetEndOfFile
SetFilePointer
UnlockFile
WriteFileEx
GetCompressedFileSizeA
GetTempPathA
GetVolumeInformationA
GetTempFileNameA
GetQueuedCompletionStatus
PostQueuedCompletionStatus
ExitProcess
SwitchToThread
GetCurrentThread
SetThreadPriority
SetThreadPriorityBoost
GetThreadPriorityBoost
ExitThread
ResumeThread
SetProcessShutdownParameters
GetPriorityClass
GetProcessHandleCount
GetProcessPriorityBoost
GetThreadIOPendingFlag
SetThreadIdealProcessor
SetProcessWorkingSetSize
QueueUserWorkItem
IsProcessInJob
AssignProcessToJobObject
TerminateJobObject
SetInformationJobObject
GetShortPathNameA
SetProcessAffinityMask
GetProcessIoCounters
SwitchToFiber
ConvertFiberToThread
ConvertThreadToFiber
SetFileShortNameA
SetTapePosition
WriteTapemark
lstrcmpiA
lstrcpynA
BackupSeek
GetLogicalDriveStringsA
DefineDosDeviceA
QueryDosDeviceA
CheckNameLegalDOS8Dot3A
MoveFileWithProgressA
ReplaceFileA
ReadDirectoryChangesW
FindNextVolumeA
GetFileSizeEx
FindNextVolumeMountPointA
FindVolumeMountPointClose
SetVolumeMountPointA
GetVolumePathNamesForVolumeNameA
GetNumaProcessorNode
GetNumaNodeProcessorMask
GetTimeFormatA
GetStringTypeW
IsValidCodePage
GetCPInfo
GetCPInfoExA
GetCalendarInfoA
SetCalendarInfoA
GetNumberFormatA
GetCurrencyFormatA
IsValidLanguageGroup
IsValidLocale
GetGeoInfoA
EnumSystemGeoID
GetUserGeoID
SetUserGeoID
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetThreadLocale
GetStringTypeExA
EnumUILanguagesA
GetConsoleOutputCP
SetConsoleMode
ReadConsoleA
FillConsoleOutputAttribute
GenerateConsoleCtrlEvent
SetConsoleActiveScreenBuffer
FlushConsoleInputBuffer
SetConsoleOutputCP
GetConsoleCursorInfo
SetConsoleScreenBufferSize
SetConsoleWindowInfo
WriteConsoleOutputCharacterA
WriteConsoleOutputAttribute
ReadConsoleOutputCharacterA
WriteConsoleInputA
WriteConsoleOutputA
SetConsoleTitleA
GetNumberOfConsoleMouseButtons
GetConsoleFontSize
GetCurrentConsoleFont
GetConsoleSelectionInfo
WriteConsoleW
CloseHandle
CreateFileW
SetFilePointerEx
GetConsoleMode
FlushFileBuffers
HeapReAlloc
HeapSize
GetFileInformationByHandle
GetFileAttributesExA
GetFileAttributesA
GetDriveTypeA
GetDiskFreeSpaceExA
GetDiskFreeSpaceA
FindCloseChangeNotification
FindClose
SearchPathA
GetCurrentDirectoryA
GetCommandLineA
GetEnvironmentStringsW
GetStdHandle
FindFirstVolumeMountPointA
GetModuleHandleA
GetProcessHeap
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
RtlUnwindEx
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
WriteFile
GetModuleFileNameW
GetCurrentProcess
TerminateProcess
GetModuleHandleExW
HeapAlloc
HeapFree
FindFirstFileExW
FindNextFileW
GetACP
GetOEMCP
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
FreeEnvironmentStringsW
SetStdHandle
winspool.drv
AbortPrinter
WritePrinter
ScheduleJob
FindClosePrinterChangeNotification
FindNextPrinterChangeNotification
FindFirstPrinterChangeNotification
ReadPrinter
comdlg32
PageSetupDlgA
CommDlgExtendedError
PrintDlgExA
PrintDlgA
ChooseFontA
ReplaceTextA
FindTextA
ChooseColorA
GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA
advapi32
DecryptFileA
GetUserNameA
version
VerFindFileA
VerInstallFileA
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA
gdiplus
GdiplusStartup
dxgi
CreateDXGIFactory
Sections
.text Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 44KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ