Static task
static1
Behavioral task
behavioral1
Sample
c0ae5ad78fe90fa72242ac2596b1a59c5d0284124351812ffaff05b49bcd388b.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
c0ae5ad78fe90fa72242ac2596b1a59c5d0284124351812ffaff05b49bcd388b.exe
Resource
win10v2004-20241007-en
General
-
Target
1aaf02057d7b5c36013f16896c0a7a3f4e639ee15b8955a1048d8d66693e8faa
-
Size
116KB
-
MD5
2d169967d4a31df8003584a26b0e0e62
-
SHA1
72a8df2594737582d73d7f1770646218d3f6b78e
-
SHA256
1aaf02057d7b5c36013f16896c0a7a3f4e639ee15b8955a1048d8d66693e8faa
-
SHA512
91c51caa720cd2ecda0fe42fc0d83c6f3a630054c3da2e3c6332cf6666162b21126c10e702f4a878b3eaa03292cec788dcdf0800264d9f09a935474586a16812
-
SSDEEP
3072:JjAOdeMLh3KpeLETVvVOgCCSKHuYeDihQPiieChqhKv:OOth3KpewdOgCnKHufDimPXzuy
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/c0ae5ad78fe90fa72242ac2596b1a59c5d0284124351812ffaff05b49bcd388b.exe
Files
-
1aaf02057d7b5c36013f16896c0a7a3f4e639ee15b8955a1048d8d66693e8faa.zip
Password: infected
-
c0ae5ad78fe90fa72242ac2596b1a59c5d0284124351812ffaff05b49bcd388b.exe.exe windows:5 windows x86 arch:x86
ea931bc21ede436bf268fa9ffe43108a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
Sleep
GetProcAddress
GetModuleHandleA
MultiByteToWideChar
FreeConsole
RtlUnwind
RaiseException
GetCommandLineA
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
HeapFree
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
HeapSize
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
Sections
.text Size: 61KB - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 205KB - Virtual size: 208KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE