Static task
static1
Behavioral task
behavioral1
Sample
9b298cb4d3f65ef31c181df51412ad0daaf56951e4e470f0be70d19e07577a61.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
9b298cb4d3f65ef31c181df51412ad0daaf56951e4e470f0be70d19e07577a61.exe
Resource
win10v2004-20241007-en
General
-
Target
c861261c18d3016009e78c4056691aa1369fdb54b7da2ee7ded00fd1d7a72f76
-
Size
155KB
-
MD5
2789f00ed78c7c7815adff8e109daa6b
-
SHA1
9eaf3ae0478338dd4a1da54b71443627701a9619
-
SHA256
c861261c18d3016009e78c4056691aa1369fdb54b7da2ee7ded00fd1d7a72f76
-
SHA512
b7c5aa0b7fc2e41c9abd7288655f82cc57e67536bf26d49dfe1ba9b4cb5d40224871bc7a5e4053554e9edfa65fa6cd3b77e033a8bad37514362f8359a28d2f1a
-
SSDEEP
3072:tkACnsIimChVBd6y2/lc7MXQSkPqwkR2ydNP/6kcD1GWy:tkPnsdmMVBn2/lc/SkF+Fchjy
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/9b298cb4d3f65ef31c181df51412ad0daaf56951e4e470f0be70d19e07577a61.exe
Files
-
c861261c18d3016009e78c4056691aa1369fdb54b7da2ee7ded00fd1d7a72f76.zip
Password: infected
-
9b298cb4d3f65ef31c181df51412ad0daaf56951e4e470f0be70d19e07577a61.exe.exe windows:6 windows x86 arch:x86
435888c6729be5337d44a245a78f6a26
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
CreateFileW
RaiseException
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
GetProcessHeap
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
HeapSize
HeapReAlloc
CloseHandle
DecodePointer
WriteConsoleW
Sections
.text Size: 105KB - Virtual size: 105KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 179KB - Virtual size: 181KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.dswr Size: 977KB - Virtual size: 976KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ