Static task
static1
Behavioral task
behavioral1
Sample
05e4f234a0f177949f375a56b1a875c9ca3d2bee97a2cb73fc2708914416c5a9.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
05e4f234a0f177949f375a56b1a875c9ca3d2bee97a2cb73fc2708914416c5a9.exe
Resource
win10v2004-20241007-en
General
Target
05e4f234a0f177949f375a56b1a875c9ca3d2bee97a2cb73fc2708914416c5a9.exe
Size
142KB
MD5
9adde343f1b073cd9bbb22c33d31ec4a
SHA1
913b9b095c37f2e17f472b8df92224560f60773e
SHA256
05e4f234a0f177949f375a56b1a875c9ca3d2bee97a2cb73fc2708914416c5a9
SHA512
99c5f1ea0e3c0c76c9d01e66aa235e33c1ab44f8792b1c4dbd61cd3fcc7e6fe03660dedaf1b8f1f83411be389f4f35caf241c9e4452c3bd4fb240e22ffad3bbc
SSDEEP
3072:dW+oVroeQqaWrBLv+KuzxLO6qdJs4knXwehzNHF60N:FoqfqBHOZOjkBJdN
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 05e4f234a0f177949f375a56b1a875c9ca3d2bee97a2cb73fc2708914416c5a9.exe
Files
05e4f234a0f177949f375a56b1a875c9ca3d2bee97a2cb73fc2708914416c5a9.exe.exe windows:5 windows x86 arch:x86
99d43cd9415a137f1d84fc97d41e8c1d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetDriveTypeW
ReadFile
GetFileSizeEx
InterlockedDecrement
TerminateProcess
WaitForMultipleObjects
GetQueuedCompletionStatus
SetEndOfFile
GetFileAttributesW
OpenProcess
PostQueuedCompletionStatus
SetFileAttributesW
GetSystemInfo
SetFilePointerEx
MoveFileExW
GetCurrentProcessId
InterlockedIncrement
CreateIoCompletionPort
HeapFree
lstrcmpiW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
LoadLibraryW
GetProcAddress
GetProcessHeap
EnterCriticalSection
WaitForSingleObject
LeaveCriticalSection
GetCommandLineW
WriteConsoleW
HeapReAlloc
HeapSize
GetConsoleMode
GetConsoleCP
FlushFileBuffers
FindNextVolumeW
lstrcpyW
GetVolumePathNamesForVolumeNameW
FindVolumeClose
SetVolumeMountPointW
CreateThread
CloseHandle
InterlockedExchangeAdd
lstrcatW
GetLastError
Sleep
GetTempPathW
CreateFileW
GetStringTypeW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindClose
FindFirstFileW
lstrlenA
DeviceIoControl
WriteFile
lstrlenW
FindNextFileA
FindFirstFileExA
FindNextFileW
FindFirstVolumeW
GetFileType
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
SetLastError
RtlUnwind
RaiseException
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetACP
HeapAlloc
CompareStringW
LCMapStringW
DecodePointer
user32
SystemParametersInfoW
wsprintfA
GetSystemMetrics
GetDC
ReleaseDC
DrawTextA
gdi32
CreateCompatibleBitmap
SelectObject
CreateDIBSection
GetTextExtentPoint32A
CreateCompatibleDC
CreateFontW
DeleteDC
SetTextColor
SetBkMode
SetBkColor
DeleteObject
BitBlt
winspool.drv
WritePrinter
EnumPrintersW
EndPagePrinter
StartDocPrinterW
OpenPrinterW
StartPagePrinter
EndDocPrinter
ClosePrinter
advapi32
CryptGenRandom
RegSetValueExW
RegCloseKey
CryptAcquireContextW
RegOpenKeyW
shell32
CommandLineToArgvW
SHEmptyRecycleBinA
crypt32
CryptStringToBinaryA
mpr
WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum
Sections
.text Size: 98KB - Virtual size: 97KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 35KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 176B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ