Static task
static1
General
Target: Application_000290.exe
Size: 66.2MB
MD5: a4a2894dd88a2312925ad89dff3e7ea9
SHA1: febbf54beaca4761c9d305bf2d555093e8fbac98
SHA256: 0ab470f9c1ccb7cafcce4d9fa9bffb0d0666a05d861f88c44f18350d774c4369
SHA512: 7680ba64d4038ea92d078773008bb381b046e512929827e914c49121c822e4b4bf159f5b8d878672beeb861e0deb1b6495bc95b7d1e780c890fe7761fbe0c977
SSDEEP: 786432:Fmrq6Y07kDDboJeEO+D9ouNRVMJ89h3ivhdS+9Ix5rUV:FUNhYtIxG
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Application_000290.exe
Files
Application_000290.exe.exe windows:6 windows x86 arch:x86
a2e9338565484e434757597c46f1629d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
PathFileExistsW
kernel32
WaitForSingleObjectEx
FindFirstFileA
WriteConsoleW
AreFileApisANSI
IsProcessorFeaturePresent
InitializeCriticalSectionEx
FindFirstFileExA
SetFilePointer
SetEndOfFile
FindNextFileW
IsValidLocale
GetConsoleMode
CreateDirectoryA
GetUserDefaultLCID
FindClose
GetCurrentDirectoryA
GetProcessAffinityMask
VirtualFree
CreateSemaphoreA
TlsGetValue
lstrcatA
SetEnvironmentVariableA
GetFileAttributesW
GetCurrentProcess
ReleaseSRWLockExclusive
GetSystemTimeAsFileTime
CreateFileW
SetStdHandle
GetStartupInfoW
SetFileTime
LCMapStringEx
GetFullPathNameW
GetEnvironmentStringsW
GetCurrentThreadId
MultiByteToWideChar
VerifyVersionInfoW
FileTimeToSystemTime
GetEnvironmentVariableA
IsDebuggerPresent
GetDateFormatW
GetFinalPathNameByHandleW
FreeLibrary
WaitForSingleObject
RtlUnwind
EnumSystemLocalesW
GetLastError
LoadLibraryExW
GetTempPathW
CreateDirectoryW
SetLastError
QueryPerformanceFrequency
LoadLibraryW
GetModuleFileNameA
FreeLibraryAndExitThread
GetFileSize
LeaveCriticalSection
GetTempPathA
RaiseException
GetFileSizeEx
GetCommandLineA
HeapReAlloc
GetCurrentDirectoryW
GetFileAttributesExW
DeleteCriticalSection
RemoveDirectoryA
GetLocaleInfoW
GetTimeFormatW
GetModuleHandleExW
GetSystemDirectoryW
GetModuleHandleA
GetTimeZoneInformation
GetProcAddress
AcquireSRWLockExclusive
ReleaseSemaphore
GetCPInfo
GetDriveTypeW
FlushFileBuffers
SystemTimeToTzSpecificLocalTime
ResetEvent
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcessId
GetOEMCP
GetStdHandle
SleepEx
FindNextFileA
CreateFileA
GetTickCount64
HeapFree
CreateEventA
EncodePointer
LocalFree
IsValidCodePage
GetFileType
WaitForMultipleObjects
DecodePointer
GetStringTypeW
SetFilePointerEx
WriteFile
InitializeCriticalSection
lstrlenA
GetCommandLineW
HeapAlloc
ExitThread
GetConsoleCP
SetFileAttributesW
ExitProcess
VirtualAlloc
FormatMessageW
TryAcquireSRWLockExclusive
GlobalMemoryStatus
DeleteFileA
GetProcessHeap
FreeEnvironmentStringsW
GetACP
QueryPerformanceCounter
TlsSetValue
HeapSize
DeleteFileW
FindFirstFileW
GetFileInformationByHandle
GetModuleFileNameW
LoadLibraryA
SetCurrentDirectoryW
CreateThread
WideCharToMultiByte
PeekNamedPipe
GetVersionExA
SetEvent
CloseHandle
InitializeSListHead
GetLocaleInfoEx
VerSetConditionMask
ReadConsoleW
GetSystemInfo
GetVersion
TlsAlloc
TerminateProcess
ReadFile
TlsFree
LCMapStringW
EnterCriticalSection
SetCurrentDirectoryA
WakeAllConditionVariable
Sleep
GetTickCount
CompareStringW
UnhandledExceptionFilter
GetFileAttributesA
GetModuleHandleW
SetFileAttributesA
MoveFileExW
FormatMessageA
RemoveDirectoryW
user32
LoadIconA
SetWindowTextW
SetTimer
wsprintfA
CharUpperW
MessageBoxW
ShowWindow
GetWindowLongA
DialogBoxParamW
GetDlgItem
DestroyWindow
EndDialog
SendMessageA
DialogBoxParamA
PostMessageA
SetWindowTextA
LoadStringW
MessageBoxA
SetWindowLongA
LoadStringA
KillTimer
CharUpperA
shell32
ShellExecuteExA
oleaut32
VariantClear
SysAllocStringLen
SysStringLen
bcrypt
BCryptGenRandom
advapi32
CryptEncrypt
CryptGetHashParam
CryptCreateHash
CryptDestroyKey
CryptAcquireContextW
CryptDestroyHash
CryptReleaseContext
CryptImportKey
CryptHashData
crypt32
CertGetCertificateChain
CertGetNameStringW
CertCloseStore
CertAddCertificateContextToStore
CertFreeCertificateChainEngine
CertOpenStore
CertFreeCertificateChain
CertEnumCertificatesInStore
CertCreateCertificateChainEngine
CryptStringToBinaryW
CertFindCertificateInStore
CryptQueryObject
CryptDecodeObjectEx
CertFindExtension
PFXImportCertStore
CertFreeCertificateContext
wldap32
ord216
ord301
ord145
ord219
ord46
ord14
ord147
ord73
ord208
ord41
ord117
ord26
ord27
ord127
ord167
ord142
ord79
ord133
ws2_32
gethostname
htons
getsockopt
send
WSAWaitForMultipleEvents
getaddrinfo
WSAEventSelect
freeaddrinfo
WSACloseEvent
WSAIoctl
closesocket
WSAGetLastError
ntohs
WSASetLastError
WSAStartup
WSACleanup
ioctlsocket
setsockopt
WSAEnumNetworkEvents
__WSAFDIsSet
select
accept
bind
connect
getsockname
htonl
listen
recv
socket
WSAResetEvent
WSACreateEvent
recvfrom
sendto
getpeername
Sections
.text Size: 6.1MB - Virtual size: 6.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 200KB - Virtual size: 199KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 72KB - Virtual size: 71KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ