C:\cusatamanes.pdb
Static task
static1
Behavioral task
behavioral1
Sample
8f293e95ee50331a6991b814386088cd7a2b83e4dd53faaaecc3e03b0f34a3b9.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
8f293e95ee50331a6991b814386088cd7a2b83e4dd53faaaecc3e03b0f34a3b9.exe
Resource
win10v2004-20241007-en
General
-
Target
2cc9c5423c5ebde932de2210bcedb4f2f7b1567f03478172477f44c576409f07
-
Size
104KB
-
MD5
89d3c44f9a10be2f50ee553453e310a3
-
SHA1
40fe22818033462a3cc5f554517eb5dc49929cd5
-
SHA256
2cc9c5423c5ebde932de2210bcedb4f2f7b1567f03478172477f44c576409f07
-
SHA512
7f49a75048ff18b0bacc4fa698508215cc0a31a9a01f356ef15f5a3af43d41ea04dff8603a4f8b3e0fa17d4fa749136482f3cba3f66507e4b6a622bcc8784d0f
-
SSDEEP
3072:5NaaTyfkCSIRjruvOWivmfKng8wRzYMBdM1hTzFoZzvZ8/s1CcP8:XBTyf1SIpujRCzwRX3GeZzK/yI
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/8f293e95ee50331a6991b814386088cd7a2b83e4dd53faaaecc3e03b0f34a3b9.exe
Files
-
2cc9c5423c5ebde932de2210bcedb4f2f7b1567f03478172477f44c576409f07.zip
Password: infected
-
8f293e95ee50331a6991b814386088cd7a2b83e4dd53faaaecc3e03b0f34a3b9.exe.exe windows:5 windows x86 arch:x86
49722f1cfa82ece9963ca752aa123cd3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
LoadLibraryW
GetVolumeInformationA
EnumSystemCodePagesW
LocalFree
FindNextFileW
TlsGetValue
CopyFileExA
SetDefaultCommConfigW
SetVolumeLabelA
ReadFileEx
VerifyVersionInfoW
QueryDosDeviceW
EnumCalendarInfoExW
LocalFlags
VirtualProtect
TlsSetValue
CreateFileA
MapViewOfFile
GetWindowsDirectoryW
GetModuleHandleA
VirtualAlloc
IsBadReadPtr
CreateMemoryResourceNotification
WriteConsoleInputW
FindNextVolumeMountPointW
OpenWaitableTimerW
GetNamedPipeInfo
GetCPInfoExA
SearchPathA
RequestWakeupLatency
CallNamedPipeA
GetProcAddress
LoadLibraryA
GlobalAlloc
SetFileTime
GetVolumeNameForVolumeMountPointA
SetCalendarInfoW
GetModuleHandleW
TerminateThread
MoveFileA
PeekNamedPipe
GetMailslotInfo
SetThreadUILanguage
GetDiskFreeSpaceExA
SetVolumeMountPointA
GetOEMCP
SetProcessAffinityMask
CreateDirectoryExA
GlobalFindAtomW
MoveFileWithProgressW
InterlockedIncrement
CancelTimerQueueTimer
ZombifyActCtx
InitializeCriticalSection
FindNextVolumeW
LeaveCriticalSection
HeapQueryInformation
SetConsoleTitleA
GetPrivateProfileStructW
InterlockedCompareExchange
GetConsoleAliasExesLengthA
InterlockedExchangeAdd
EnumCalendarInfoW
InterlockedDecrement
GetEnvironmentStringsW
GetTickCount
SetLastError
GetLogicalDrives
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
DeleteFileA
GetStartupInfoW
TlsAlloc
TlsFree
GetCurrentThreadId
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
EnterCriticalSection
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetModuleFileNameW
FreeEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
IsValidCodePage
RtlUnwind
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
HeapAlloc
HeapReAlloc
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize
FlushFileBuffers
ReadFile
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CloseHandle
user32
GetAltTabInfoA
Sections
.text Size: 61KB - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 69KB - Virtual size: 1.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 22KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ