Static task
static1
Behavioral task
behavioral1
Sample
c0ae5ad78fe90fa72242ac2596b1a59c5d0284124351812ffaff05b49bcd388b.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
c0ae5ad78fe90fa72242ac2596b1a59c5d0284124351812ffaff05b49bcd388b.exe
Resource
win10v2004-20241007-en
General
-
Target
6670a4b2c190c5dbe7ac8002e1403af0c423df7c1747da8a3c7445f44faee38e
-
Size
116KB
-
MD5
18454f097a8f799ba5cd526b68f5b63b
-
SHA1
e8a00675b6ef2720db81627184ff4cf64be784b0
-
SHA256
6670a4b2c190c5dbe7ac8002e1403af0c423df7c1747da8a3c7445f44faee38e
-
SHA512
8d8b74b842840621576909984f3cd00626427fc6a63db88c2329a4182b91ad0e1b038f22aa11a3523bd512686627ceb474d8daacabd39ccfb44bb7330dac26a4
-
SSDEEP
3072:Lev4uP4JNapL/nLFmdD27OCYBdrX2Hs+fHd03s8n:qv4Pg/IfBtc8n
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/c0ae5ad78fe90fa72242ac2596b1a59c5d0284124351812ffaff05b49bcd388b.exe
Files
-
6670a4b2c190c5dbe7ac8002e1403af0c423df7c1747da8a3c7445f44faee38e.zip
Password: infected
-
c0ae5ad78fe90fa72242ac2596b1a59c5d0284124351812ffaff05b49bcd388b.exe.exe windows:5 windows x86 arch:x86
ea931bc21ede436bf268fa9ffe43108a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
Sleep
GetProcAddress
GetModuleHandleA
MultiByteToWideChar
FreeConsole
RtlUnwind
RaiseException
GetCommandLineA
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
HeapFree
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
HeapSize
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
Sections
.text Size: 61KB - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 205KB - Virtual size: 208KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE