Static task: static1
Behavioral task: behavioral1
- Sample: 033edb31770b0426fb3701595cb741dc4f64705a3aab2ad8fd111a92d81016da.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: 033edb31770b0426fb3701595cb741dc4f64705a3aab2ad8fd111a92d81016da.exe
- Resource: win10v2004-20241007-en
General
- Target: 033edb31770b0426fb3701595cb741dc4f64705a3aab2ad8fd111a92d81016da
- Size: 3.9MB
- MD5: 9d54ecf04bc6604a651bd54b4ebad3be
- SHA1: eb0f5173bd51d6d2ac2bd1a127ab236bd2657a5e
- SHA256: 033edb31770b0426fb3701595cb741dc4f64705a3aab2ad8fd111a92d81016da
- SHA512: 7c248df5d702cdb34ebdbc0eba65b1b9e17e21e5ecd2ceb36296628cd91e1a11b162ac5c4071830d44daf5641817920ce363b7b84792b778ecf80b5b29204007
- SSDEEP: 49152:X7Byo2uE7FdqECXoYZzTib4izhnIelOx8qvDOGZ1ArspfzOc:XDTcCqhRlO0G8rzc
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature. Resource: 033edb31770b0426fb3701595cb741dc4f64705a3aab2ad8fd111a92d81016da
Files
- 033edb31770b0426fb3701595cb741dc4f64705a3aab2ad8fd111a92d81016da.exe (windows:5, windows x64, arch:x64)
  b495f7ae22f5107f28264697ac103eb0
Headers
- DLL Characteristics: IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
- File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
SetFilePointer
GetDriveTypeW
FlushFileBuffers
GetConsoleCP
ReadFile
GetCurrentDirectoryW
CreateFileA
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
LoadLibraryW
GetTimeZoneInformation
GetStringTypeW
LCMapStringW
IsValidCodePage
GetOEMCP
GetCPInfo
HeapSize
GetTickCount
HeapSetInformation
SetHandleCount
SetEndOfFile
GetProcessHeap
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
SetStdHandle
GetEnvironmentStringsW
Sleep
FreeEnvironmentStringsW
GetModuleFileNameA
FlsAlloc
FlsFree
FlsSetValue
FlsGetValue
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
RaiseException
InitializeSRWLock
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetLastError
CloseHandle
WaitForSingleObject
SetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
HeapCreate
HeapDestroy
GetCurrentThreadId
SetEvent
WideCharToMultiByte
CreateEventW
ResetEvent
lstrlenW
MultiByteToWideChar
CreateFileW
GetProcAddress
GetModuleHandleW
GetFileSize
MapViewOfFileEx
CreateFileMappingW
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
SwitchToThread
GetModuleFileNameW
UnmapViewOfFile
lstrlenA
VirtualAlloc
GetLocalTime
ExitProcess
HeapAlloc
GetCurrentProcessId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
VirtualFree
FindNextFileW
FindFirstFileW
FindClose
FormatMessageA
FreeLibrary
LoadLibraryA
GetSystemDirectoryA
SystemTimeToFileTime
GetSystemTime
GetVersion
WriteFile
GetFileType
GetStdHandle
GetACP
GetEnvironmentVariableW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
RtlLookupFunctionEntry
RtlUnwindEx
DecodePointer
EncodePointer
GetCommandLineA
GetStartupInfoW
RtlPcToFileHeader
ExitThread
CreateThread
HeapReAlloc
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
SetConsoleCtrlHandler
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
ws2_32
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
socket
WSACreateEvent
gethostbyaddr
recv
connect
bind
WSACleanup
WSAEventSelect
WSAStartup
getaddrinfo
freeaddrinfo
select
__WSAFDIsSet
getsockname
getpeername
WSASetLastError
getservbyport
inet_addr
gethostbyname
inet_ntoa
WSAResetEvent
getservbyname
WSACloseEvent
WSAStringToAddressW
shutdown
closesocket
send
ioctlsocket
getsockopt
setsockopt
WSAIoctl
htonl
InetNtopW
htons
ntohs
WSAGetLastError
crypt32
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertOpenStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
shlwapi
StrChrW
winmm
timeGetDevCaps
timeBeginPeriod
timeGetTime
timeEndPeriod
bcrypt
BCryptGenRandom
user32
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxW
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
DispatchMessageW
advapi32
CryptGetUserKey
ReportEventW
CryptDecrypt
CryptCreateHash
CryptSetHashParam
CryptSignHashW
CryptDestroyHash
CryptExportKey
DeregisterEventSource
CryptAcquireContextW
CryptGetProvParam
CryptDestroyKey
CryptReleaseContext
CryptEnumProvidersW
RegisterEventSourceW
Sections
- .text: Size 2.5MB, Virtual size 2.5MB (IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ)
- .rdata: Size 1.3MB, Virtual size 1.3MB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
- .data: Size 36KB, Virtual size 53KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE)
- .pdata: Size 129KB, Virtual size 129KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
- text: Size 1024B, Virtual size 702B (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE)
- data: Size 7KB, Virtual size 6KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)