Behavioral task: behavioral1
Sample: d520d628a5e3f224f182deda39666e59088861e5bff30e83efaf8317b086391dN.exe
Resource: win7-20240704-en

Behavioral task: behavioral2
Sample: d520d628a5e3f224f182deda39666e59088861e5bff30e83efaf8317b086391dN.exe
Resource: win10v2004-20240802-en
General
Target: d520d628a5e3f224f182deda39666e59088861e5bff30e83efaf8317b086391dN
Size: 4.6MB
MD5: 001d51767401c030ab2d4620a7d2a570
SHA1: b9274337f7bf42056664efdd2c9d32d68baa7a7c
SHA256: d520d628a5e3f224f182deda39666e59088861e5bff30e83efaf8317b086391d
SHA512: d80c8a36e3d3931609535973e2a22639340b3b0957a41aa48698a6af6a33de1c16f96087ad93bfa524cedf6a128210d20c06f4939524fa5096965853509aac44
SSDEEP: 3072:xYVlF22d/HAMt0WSt+/x3y6dykvOCVwOU3R4KyslRzXtDm+t6V:ydd/HAMt0Lt8xuQV1UBXy+zXtDmU6
Malware Config
Extracted: metasploit
encoder/call4_dword_xor
Signatures
- Metasploit family
- Unsigned PE (1 IoCs): checks for missing Authenticode signature.
  resource d520d628a5e3f224f182deda39666e59088861e5bff30e83efaf8317b086391dN
Files
- d520d628a5e3f224f182deda39666e59088861e5bff30e83efaf8317b086391dN.exe windows:4 windows x86 arch:x86
8d9d40d3d77db20689b4f35ab163abfd
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LeaveCriticalSection
EnterCriticalSection
GetProcAddress
LoadLibraryA
FreeLibrary
LocalFree
MapViewOfFile
CloseHandle
UnmapViewOfFile
GetCurrentProcess
GetVersionExA
TerminateThread
TransactNamedPipe
CreateFileA
CopyFileA
lstrlenA
WriteFile
SetFileAttributesA
CreateDirectoryA
lstrcatA
GetDriveTypeA
GetLogicalDriveStringsA
GetModuleHandleA
GetComputerNameA
IsDebuggerPresent
lstrcpyA
GetTempPathA
WaitForSingleObject
DeleteCriticalSection
QueryPerformanceCounter
ExitProcess
CreateProcessA
ReleaseMutex
DeleteFileA
CreateMutexA
GlobalMemoryStatusEx
GetTimeFormatA
GetDateFormatA
GetSystemDirectoryA
GetLocaleInfoA
ReadProcessMemory
OpenProcess
Module32Next
TerminateProcess
Module32First
CreateToolhelp32Snapshot
Process32Next
Process32First
GetCurrentThread
LocalAlloc
GetFileAttributesA
SetFileTime
GetFileTime
GetWindowsDirectoryA
SetEnvironmentVariableA
CompareStringW
InitializeCriticalSectionAndSpinCount
GetLastError
ExitThread
lstrcmpiA
GetModuleFileNameA
CreateThread
MultiByteToWideChar
Sleep
QueryPerformanceFrequency
GetTickCount
CompareStringA
SetEndOfFile
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetExitCodeProcess
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetOEMCP
GetACP
HeapFree
HeapAlloc
GetTimeZoneInformation
GetSystemTime
GetLocalTime
RtlUnwind
InterlockedDecrement
InterlockedIncrement
GetStartupInfoA
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
ReadFile
SetHandleCount
GetStdHandle
GetFileType
SetFilePointer
InitializeCriticalSection
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
WideCharToMultiByte
LCMapStringA
LCMapStringW
RaiseException
HeapSize
GetCPInfo
user32
CharLowerA
wsprintfA
advapi32
RegSetValueExA
GetUserNameA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetSecurityInfo
SetEntriesInAclA
SetSecurityInfo
RegOpenKeyExA
shell32
ShellExecuteA
SHGetSpecialFolderPathA
ws2_32
gethostname
setsockopt
gethostbyname
ioctlsocket
sendto
WSASocketA
closesocket
inet_addr
htons
connect
send
recv
htonl
ntohs
WSAStartup
socket
iphlpapi
GetUdpTable
Sections
.text Size: 4.6MB - Virtual size: 4.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE