Static task
static1
Behavioral task
behavioral1
Sample
9265b09595c59007e116c60605c28bd616387cf0dff79c7db8c5880e23cfef8e.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
9265b09595c59007e116c60605c28bd616387cf0dff79c7db8c5880e23cfef8e.exe
Resource
win10v2004-20241007-en
General
-
Target
35794aedc3c64761d4e13da7f7513001bb12388542ee100c3eb9fe3dba84a484
-
Size
4.2MB
-
MD5
728a0af10ce0b0b2b3ca9219c2f5e82d
-
SHA1
d6bef079eb7dc53353fdcc95f013b1dabab6a445
-
SHA256
35794aedc3c64761d4e13da7f7513001bb12388542ee100c3eb9fe3dba84a484
-
SHA512
e0df0723eacbc9ba5aa14f8be3e89945f1519ea37570054e775d2aacd0d446a1ff86dea49182ebf149712d6ea7fc7d45ed0708bfb1e1c1821d1bc7497f939628
-
SSDEEP
98304:VbWcoAjSA5qkvj6x9xg/ZLN2KXmZSkOlyVgCJUX:VbWc5q1Ng/ZLNV2ZSkuRC4
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/9265b09595c59007e116c60605c28bd616387cf0dff79c7db8c5880e23cfef8e.exe
Files
-
35794aedc3c64761d4e13da7f7513001bb12388542ee100c3eb9fe3dba84a484.zip
Password: infected
-
9265b09595c59007e116c60605c28bd616387cf0dff79c7db8c5880e23cfef8e.exe.exe windows:4 windows x86 arch:x86
32569d67dc210c5cb9a759b08da2bdb3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
oleaut32
SysStringLen
SysAllocStringLen
VariantClear
user32
DialogBoxParamW
SetWindowLongW
GetWindowLongW
GetDlgItem
LoadStringW
CharUpperW
DestroyWindow
EndDialog
PostMessageW
SetWindowTextW
ShowWindow
MessageBoxW
SendMessageW
LoadIconW
KillTimer
SetTimer
shell32
ShellExecuteExW
msvcrt
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
memset
wcsstr
free
malloc
memcpy
_CxxThrowException
_purecall
memmove
memcmp
wcscmp
__CxxFrameHandler
kernel32
WaitForSingleObject
GetStartupInfoA
InitializeCriticalSection
ResetEvent
SetEvent
CreateEventW
lstrlenW
lstrcatW
VirtualFree
VirtualAlloc
Sleep
WaitForMultipleObjects
GetFileInformationByHandle
GetStdHandle
GlobalMemoryStatus
GetSystemInfo
GetCurrentProcess
GetProcessAffinityMask
SetEndOfFile
WriteFile
ReadFile
SetFilePointer
GetFileSize
GetFileAttributesW
GetModuleHandleA
FindNextFileW
FindFirstFileW
FindClose
GetCurrentThreadId
GetTickCount
GetCurrentProcessId
GetTempPathW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetLastError
DeleteFileW
CreateDirectoryW
GetModuleHandleW
GetProcAddress
RemoveDirectoryW
SetFileAttributesW
CreateFileW
SetFileTime
GetSystemDirectoryW
FormatMessageW
LocalFree
GetModuleFileNameW
LoadLibraryExW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetVersionExW
GetCommandLineW
CreateProcessW
CloseHandle
Sections
.text Size: 102KB - Virtual size: 101KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.sxdata Size: 512B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ