ICWCONN2.pdb
Static task
static1
Behavioral task
behavioral1
Sample
232510c6475cc7e577d1bc5d6e875358ca7d13ece14364d0c79fda1773816378N.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
232510c6475cc7e577d1bc5d6e875358ca7d13ece14364d0c79fda1773816378N.exe
Resource
win10v2004-20240802-en
General
-
Target
232510c6475cc7e577d1bc5d6e875358ca7d13ece14364d0c79fda1773816378N
-
Size
2.9MB
-
MD5
39169806520ababdaf1f327dcc815a90
-
SHA1
0fa3b4ff467241adc86040dae1f33855a0e18c08
-
SHA256
232510c6475cc7e577d1bc5d6e875358ca7d13ece14364d0c79fda1773816378
-
SHA512
a2b8ead747f3fea99c9554f977c5cb1e6929e0407ddf1c15e10972a8b1f5f00a5e295e7a08024727517dea5296c83f984aac1aac3b58c7eabb51a1a121a2f872
-
SSDEEP
49152:9lfbtL2tL3rOO53RTqti1mDta4IhKPgssSt2g9ljREp6:9lzV2V3rOO53VCYhv7St8p
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 232510c6475cc7e577d1bc5d6e875358ca7d13ece14364d0c79fda1773816378N
Files
-
232510c6475cc7e577d1bc5d6e875358ca7d13ece14364d0c79fda1773816378N.exe windows:5 windows x86 arch:x86
b90673f10d00ca3603bdd6d05970eba3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
advapi32
RegQueryValueW
RegCloseKey
RegQueryValueExW
RegOpenKeyW
RegDeleteValueW
c
LocalAlloc
ExitProcess
WriteFile
SetFilePointer
GetCurrentProcessId
GetCurrentThreadId
GetCommandLineW
GlobalFree
FreeLibrary
GetProcAddress
GetLastError
LoadLibraryW
GlobalAlloc
lstrcpynW
lstrcpyW
GetPrivateProfileStringW
GetVersionExW
lstrcmpiW
GetModuleHandleW
FindClose
FindNextFileW
DeleteFileW
SetFileAttributesW
FindFirstFileW
lstrcatW
CompareStringW
GetFullPathNameW
GetPrivateProfileIntW
CreateSemaphoreW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CloseHandle
GetCommandLineA
GetVersionExA
GetModuleHandleA
GetStdHandle
GetModuleFileNameA
FreeEnvironm
Sleep
LocalFree
lstrcmpW
lstrlenW
GetStartupInfoA
DLL.DLL
ER32.dll
vcrt.dll
T32.dll
���L$
PAPI.dll
DLG32.dll
ELL32.dll
.dll
SHLWAPI.dll
Sections
.text Size: 52KB - Virtual size: 48KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ