C:\tovatabu hucugiduxipe38\jitaxuyesuci.pdb
Static task
static1
Behavioral task
behavioral1
Sample
4f0154b4b55566d9ac9c5776ce8dede0a423e2835393834d58d4411f638d34cd.exe
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
4f0154b4b55566d9ac9c5776ce8dede0a423e2835393834d58d4411f638d34cd.exe
Resource
win10v2004-20241007-en
General
-
Target
b497744acdf0c1daca7f1bfa0b1b8cf8f851eade196d6c242193fc3483a80dd5
-
Size
115KB
-
MD5
aee50949809bb1599fc15a81cc169964
-
SHA1
20cbb5fc7c83524c26d8d45928edf0419dc1ac59
-
SHA256
b497744acdf0c1daca7f1bfa0b1b8cf8f851eade196d6c242193fc3483a80dd5
-
SHA512
281c5f243ab20ed03bc973a0ab4585955ee31278184f45bb7e948a44ef5653d7e4677efad369d8ef091fd402524658760e62b490ebf1a335b02c3a5235775b14
-
SSDEEP
3072:xVpFaO6CGSvD7JfI1Dqz+8F1nJ/hYh8D+gIyj:xvFaRbp1S1P+ZQ
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/4f0154b4b55566d9ac9c5776ce8dede0a423e2835393834d58d4411f638d34cd.exe
Files
-
b497744acdf0c1daca7f1bfa0b1b8cf8f851eade196d6c242193fc3483a80dd5.zip
Password: infected
-
4f0154b4b55566d9ac9c5776ce8dede0a423e2835393834d58d4411f638d34cd.exe.exe windows:5 windows x86 arch:x86
bac2f6ca868f531d0ec2f058ef846d15
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
LoadLibraryW
GetVolumeInformationW
EnumSystemCodePagesA
LocalFree
FindNextFileW
TlsGetValue
CopyFileExA
MoveFileWithProgressA
SetVolumeLabelA
GetFirmwareEnvironmentVariableA
VerifyVersionInfoW
QueryDosDeviceW
EnumCalendarInfoExW
LocalFlags
VirtualProtect
SetFirmwareEnvironmentVariableW
CreateFileA
MapViewOfFile
GetWindowsDirectoryA
GetModuleHandleA
VirtualAlloc
IsBadReadPtr
CreateMemoryResourceNotification
WriteConsoleInputW
FindNextVolumeMountPointW
OpenWaitableTimerW
LocalReAlloc
FindResourceA
SearchPathA
RequestWakeupLatency
CallNamedPipeA
GetProcAddress
LoadLibraryA
GlobalAlloc
SetFileTime
GetConsoleAliasesLengthW
GetVolumeNameForVolumeMountPointA
SetCalendarInfoA
GetModuleHandleW
TerminateThread
GetSystemWindowsDirectoryW
MoveFileA
ResetWriteWatch
GetMailslotInfo
SetThreadUILanguage
GetDiskFreeSpaceExA
SetVolumeMountPointA
GetOEMCP
SetProcessAffinityMask
GlobalFindAtomW
MoveFileWithProgressW
InterlockedIncrement
InterlockedExchangeAdd
CancelTimerQueueTimer
ZombifyActCtx
InitializeCriticalSection
FindNextVolumeW
LeaveCriticalSection
GetDevicePowerState
InterlockedExchange
SetConsoleTitleA
GetPrivateProfileStructW
InterlockedCompareExchange
GetConsoleAliasExesLengthA
EnumCalendarInfoW
InterlockedDecrement
FindActCtxSectionStringA
GetTickCount
SetLastError
AddAtomA
Sleep
DeleteCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
GetLastError
DeleteFileA
GetStartupInfoW
HeapFree
HeapAlloc
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
HeapReAlloc
GetCPInfo
GetACP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
FlushFileBuffers
ReadFile
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CloseHandle
user32
GetAltTabInfoW
Sections
.text Size: 81KB - Virtual size: 80KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 69KB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 22KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ