Static task: static1
Behavioral task: behavioral1
  Sample: a26f0a2da63a838161a7d335aaa5e4b314a232acc15dcabdb6f6dbec63cda642.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: a26f0a2da63a838161a7d335aaa5e4b314a232acc15dcabdb6f6dbec63cda642.exe
  Resource: win10v2004-20241007-en
General
Target: f7f679420671b7e18677831d4d276277.bin
Size: 1.4MB
MD5: 437e93895db0c733961dc11e09ea9c4d
SHA1: 57ab3234e77bf4dc915bc5c44b55cd7833fafd54
SHA256: 2db9f1a0b5dd11ba003c68779d551a8222f215a7a446cb388999a8bd42e3862f
SHA512: be26c81930696fb89e79276cd1b83ee43d8fd8c0114ddaaa567b0d0ca705018580819379df855e67530bf673487dcbf22d37841ed60b7db46a6463c42c7e2f98
SSDEEP: 24576:k5DtN7pBnXwHYjguNvVACxo0s7NMdMtqtsxF3VrGp4ibwDohnkfnzj:k5DtN7/nYo3VvCRMd0qtsV6p4ibNhkfv
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  Processes: resource unpack001/a26f0a2da63a838161a7d335aaa5e4b314a232acc15dcabdb6f6dbec63cda642.exe
Files
f7f679420671b7e18677831d4d276277.bin.zip (Password: infected)
a26f0a2da63a838161a7d335aaa5e4b314a232acc15dcabdb6f6dbec63cda642.exe.exe windows:0 windows x64 arch:x64 (Password: infected)
  b3b7ad6f2170dcc432067867d73f9aed
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
Imports
comctl32
CreateStatusWindow
CreateToolbarEx
DPA_GetPtr
ImageList_GetImageCount
ImageList_LoadImage
ImageList_Read
comdlg32
ReplaceTextA
gdi32
AngleArc
CancelDC
CreatePen
DdQueryVisRgnUniqueness
EngCheckAbort
FontIsLinked
GdiCreateLocalEnhMetaFile
GdiEntry12
GdiGetSpoolFileHandle
GdiValidateHandle
GetEnhMetaFileHeader
GetObjectA
ResizePalette
ScaleViewportExtEx
kernel32
AddConsoleAliasW
ApplicationRecoveryFinished
CompareFileTime
CreateProcessInternalA
CreateSymbolicLinkTransactedW
CreateThreadpoolCleanupGroup
CreateThreadpoolTimer
DeleteBoundaryDescriptor
EnumSystemLanguageGroupsW
EnumTimeFormatsW
FindFirstVolumeW
GetAtomNameA
GetCalendarDifferenceInDays
GetCalendarInfoW
GetConsoleProcessList
GetDateFormatA
GetFileInformationByHandle
GetMaximumProcessorCount
GetProcAddress
GetProcessorSystemCycleTime
GetProfileStringA
GetTapeParameters
GetThreadContext
GetThreadUILanguage
LZOpenFileW
LoadLibraryA
LocalLock
LocalReAlloc
LocateXStateFeature
OpenJobObjectW
SetComPlusPackageInstallStatus
SetFileIoOverlappedRange
SetFileValidData
SetProcessDEPPolicy
SetThreadStackGuarantee
SetThreadpoolThreadMaximum
StartThreadpoolIo
VerifyVersionInfoW
VirtualQueryEx
WaitForMultipleObjects
msvcrt
clock
cosh
free
iswalnum
malloc
memcpy
memset
perror
remove
strncmp
_wcslwr
_wcsrev
_getpid
_chsize
ole32
CoGetCallContext
CoGetCurrentProcess
CoReleaseMarshalData
CoRetireServer
HMENU_UserUnmarshal
ObjectStublessClient19
OleBuildVersion
OleCreateLinkEx
OleSetMenuDescriptor
SetErrorInfo
user32
AdjustWindowRectEx
ArrangeIconicWindows
BringWindowToTop
CharLowerW
CharNextExA
CreateIconFromResourceEx
DefMDIChildProcA
DefWindowProcA
DisplayConfigGetDeviceInfo
DrawTextW
EndPaint
FindWindowW
GetClassInfoExW
GetClassWord
GetMenuItemInfoW
GetMonitorInfoW
GetUpdateRgn
GetWindowModuleFileNameW
GhostWindowFromHungWindow
IsCharAlphaA
MonitorFromWindow
OpenIcon
RegisterServicesProcess
RegisterTasklist
SetCapture
SetForegroundWindow
TranslateMDISysAccel
UnregisterSessionPort
UserLpkPSMTextOut
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 176KB - Virtual size: 176KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 655KB - Virtual size: 654KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ