Static task
static1
Behavioral task
behavioral1
Sample
d3b14d9b34e0e95d991ef4abe86c0721b7a3cd88fe0ec233f61e857c06d31405.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
d3b14d9b34e0e95d991ef4abe86c0721b7a3cd88fe0ec233f61e857c06d31405.exe
Resource
win10v2004-20241007-en
General
-
Target
d3b14d9b34e0e95d991ef4abe86c0721b7a3cd88fe0ec233f61e857c06d31405.exe
-
Size
324KB
-
MD5
476d527aa448aef56e3ac013dc31cdf0
-
SHA1
3088c947b45f94448ddbbaeea987f41bc261e6e6
-
SHA256
d3b14d9b34e0e95d991ef4abe86c0721b7a3cd88fe0ec233f61e857c06d31405
-
SHA512
496b4caeec791279dee62852e4f1d45e8148317a33b4e106266ca3b74d23d83f93b7d17c05bdfa74024bb4a0621bf8b743b647241a7c33cb9b98527679065130
-
SSDEEP
3072:QqF5V/HvOqHjiByXpfyJHL4V9OGerueOFf:QqF5VfvOqWByXpfge9OGe6eOF
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d3b14d9b34e0e95d991ef4abe86c0721b7a3cd88fe0ec233f61e857c06d31405.exe
Files
-
d3b14d9b34e0e95d991ef4abe86c0721b7a3cd88fe0ec233f61e857c06d31405.exe.exe windows:5 windows x64 arch:x64
54e85142013d7cd5daa8efb3b0b7b565
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
DeviceIoControl
CreateFileA
FreeResource
FindResourceW
LoadResource
CreateProcessW
GetModuleHandleW
SizeofResource
LockResource
GetModuleFileNameA
GetWindowsDirectoryW
GetLastError
GetTempPathA
FreeLibrary
OpenProcess
LoadLibraryW
GetProcAddress
SystemTimeToFileTime
SetFileTime
GetTempPathW
SetFileAttributesW
LocalFileTimeToFileTime
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
Sleep
GetSystemDirectoryW
CloseHandle
CreateFileW
ReadFile
WriteFile
RtlLookupFunctionEntry
RtlCaptureContext
QueryPerformanceCounter
GetCurrentThreadId
UnhandledExceptionFilter
DeleteCriticalSection
InitializeCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentProcess
GetTickCount
TerminateProcess
GetStartupInfoW
advapi32
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
OpenSCManagerW
CloseServiceHandle
RegSetValueExW
shell32
SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteA
msvcr90
_wfopen_s
wcsncpy_s
sprintf_s
strncmp
_wremove
strcpy_s
_itow_s
fwrite
strrchr
wcscat_s
strcat_s
fclose
?what@exception@std@@UEBAPEBDXZ
??1exception@std@@UEAA@XZ
??0exception@std@@QEAA@XZ
??0exception@std@@QEAA@AEBQEBD@Z
??0exception@std@@QEAA@AEBV01@@Z
_invalid_parameter_noinfo
sprintf
atol
_localtime64
memcmp
exit
__C_specific_handler
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__wgetmainargs
_XcptFilter
_exit
_cexit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
__crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
??_V@YAXPEAX@Z
wcsrchr
_time64
vswprintf_s
??_U@YAPEAX_K@Z
??3@YAXPEAX@Z
free
memset
memcpy
__CxxFrameHandler3
_CxxThrowException
_wcsicmp
??2@YAPEAX_K@Z
msvcp90
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@@Z
Sections
.text Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 292KB - Virtual size: 292KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 588B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ