Behavioral task
behavioral1
Sample
5dd38fe5a29977a46d94be14e472a0bbc3fdb3d89c26f01606529f692527e4a1N.exe
Resource
win7-20240708-en
General
Target: 5dd38fe5a29977a46d94be14e472a0bbc3fdb3d89c26f01606529f692527e4a1N
Size: 443KB
MD5: b99cbdde7b169462b0a3a320c03c7400
SHA1: 5b1e53713fc5e5d25ed94d1370b9759833050462
SHA256: 5dd38fe5a29977a46d94be14e472a0bbc3fdb3d89c26f01606529f692527e4a1
SHA512: 30257a87a69815603e8860f60f28d00e9f4cc5dc497315b2222d04b4d4547583fdbf144b8e50b0efcada915bace94fd57577837d027f753bcfd317ed380a97a7
SSDEEP: 3072:MgUDUT1q0+29RW6Q93rYfghbEhKsJVPP6+9LasA1//7YXg8kHBOnZtT6mwyswf:XV55pRPQdrFhbEhtVacLaN//2gWF6lkf
Malware Config
Signatures
  yara_rule upx (resource: sample)
  Unsigned PE (1 IoC): checks for missing Authenticode signature.
    resource: 5dd38fe5a29977a46d94be14e472a0bbc3fdb3d89c26f01606529f692527e4a1N
Files
  5dd38fe5a29977a46d94be14e472a0bbc3fdb3d89c26f01606529f692527e4a1N.exe
    Type: windows:4 windows x86 arch:x86
    5dc4d890d100a6a3aa07b5c431c18838
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
  kernel32
    CreateFileA
    GetLocalTime
    CreateThread
    GlobalUnlock
    GlobalLock
    SetFileTime
    GetFileTime
    GlobalMemoryStatus
    FindClose
    FindNextFileA
    FindFirstFileA
    ReadFile
    GetFileSize
    GetCurrentProcess
    TerminateProcess
    OpenProcess
    GetLastError
    HeapFree
    HeapAlloc
    GetProcessHeap
    ExitThread
    WriteFile
    GetStartupInfoA
    CreatePipe
    GlobalAlloc
    GetComputerNameA
    SetEnvironmentVariableA
    CompareStringW
    CompareStringA
    SetEndOfFile
    GetOEMCP
    GetACP
    GetCPInfo
    GetStringTypeW
    GetStringTypeA
    FlushFileBuffers
    SetStdHandle
    SetFilePointer
    GetFileType
    GetStdHandle
    SetHandleCount
    GetFileAttributesA
    DeleteFileA
    GetCurrentDirectoryA
    GetLogicalDriveStringsA
    TerminateThread
    GetVersionExA
    ExitProcess
    GetTickCount
    GetWindowsDirectoryA
    GetSystemDirectoryA
    LoadLibraryA
    GetProcAddress
    GetModuleHandleA
    GetModuleFileNameA
    GetTempPathA
    OpenMutexA
    Sleep
    CreateProcessA
    CloseHandle
    CreateMutexA
    CopyFileA
    PeekNamedPipe
    GetEnvironmentStringsW
    GetEnvironmentStrings
    FreeEnvironmentStringsW
    FreeEnvironmentStringsA
    UnhandledExceptionFilter
    HeapReAlloc
    VirtualAlloc
    VirtualFree
    HeapCreate
    HeapDestroy
    GetEnvironmentVariableA
    LCMapStringW
    LCMapStringA
    MultiByteToWideChar
    WideCharToMultiByte
    GetVersion
    GetCommandLineA
    RtlUnwind
    GetSystemTime
    GetTimeZoneInformation
    RemoveDirectoryA
  advapi32
    ControlService
    RegDeleteKeyA
    QueryServiceStatus
    EnumDependentServicesA
    LookupPrivilegeValueA
    AdjustTokenPrivileges
    OpenProcessToken
    GetUserNameA
    OpenEventLogA
    ClearEventLogA
    CloseEventLog
    RegDeleteValueA
    RegCreateKeyExA
    RegSetValueExA
    OpenSCManagerA
    OpenServiceA
    CloseServiceHandle
    DeleteService
    RegOpenKeyExA
    RegQueryValueExA
    RegCloseKey
  shell32
    ShellExecuteA
  user32
    GetClipboardData
    OpenClipboard
    GetWindowTextA
    GetForegroundWindow
    GetAsyncKeyState
    CloseClipboard
    GetClassNameA
    PostMessageA
    EnumChildWindows
    IsWindowVisible
    EnumWindows
    ExitWindowsEx
    ShowWindow
    MessageBoxA
  wininet
    InternetOpenA
    InternetReadFile
    InternetOpenUrlA
    HttpSendRequestA
    HttpOpenRequestA
    InternetConnectA
    InternetCrackUrlA
    InternetCloseHandle
  ws2_32
    send
    htons
    inet_addr
    gethostbyname
    inet_ntoa
    socket
    connect
    WSAStartup
    closesocket
    WSACleanup
    getsockname
    accept
    select
    listen
    htonl
    bind
    gethostbyaddr
    ntohl
    WSASocketA
    sendto
    __WSAFDIsSet
    setsockopt
    WSAAsyncSelect
    gethostname
    WSAIoctl
    recv
    ntohs
Sections
  UPX0 Size: 128KB - Virtual size: 128KB
    IMAGE_SCN_CNT_UNINITIALIZED_DATA
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE
  UPX1 Size: 84KB - Virtual size: 84KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE
  UPX2 Size: 72KB - Virtual size: 72KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE