Static task
static1
Behavioral task
behavioral1
Sample
377765e6db9b32b31178abcc12f75be26dc381bc0376466fa92334030bcc00e3.exe
Resource
win7-20240729-en
General
-
Target
377765e6db9b32b31178abcc12f75be26dc381bc0376466fa92334030bcc00e3.exe
-
Size
483KB
-
MD5
2338d9dd5a26364c6ad63ea403f5208d
-
SHA1
22c8fcce2b983ac77a50b2b21e355801173be2cc
-
SHA256
377765e6db9b32b31178abcc12f75be26dc381bc0376466fa92334030bcc00e3
-
SHA512
ba9b56a2a45e05633e326490fef66840fb543875f34375ef29997b91fb6acbda0c2a97ed5096936f63a27aad56ea817e4fc817716f116c7fe5c25f0b30cdae21
-
SSDEEP
12288:7ORXMExJ7REzeA82PYY6ZaHHBQQvJfOAaygfGhfh1auuZrgZDj:7OR8I7WzeA8EYY6ZKhQQvVOAaycGhfhH
Malware Config
Signatures
-
Unsigned PE 1 IoCs
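Checks for a missing Authenticode signature: the file carries no signature, so its publisher and integrity cannot be verified that way. Many benign binaries are also unsigned, so this is a weak indicator on its own.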
resource 377765e6db9b32b31178abcc12f75be26dc381bc0376466fa92334030bcc00e3.exe
Files
-
377765e6db9b32b31178abcc12f75be26dc381bc0376466fa92334030bcc00e3.exe.exe windows:4 windows x86 arch:x86
448bcd966f0495cea91d7d1abe70e3f8
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
advapi32
GetUserNameA
OpenProcessToken
kernel32
CloseHandle
CreateEventA
CreateFileA
CreateFileMappingA
CreatePipe
CreateProcessA
CreateToolhelp32Snapshot
DeleteCriticalSection
EnterCriticalSection
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
FindClose
FindFirstFileA
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetConsoleMode
GetConsoleProcessList
GetConsoleScreenBufferInfo
GetConsoleWindow
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDiskFreeSpaceExA
GetDiskFreeSpaceExW
GetDriveTypeA
GetExitCodeProcess
GetFileAttributesA
GetFileAttributesExA
GetFileInformationByHandle
GetFileSizeEx
GetFileType
GetLastError
GetLogicalDrives
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetNumberOfConsoleInputEvents
GetProcAddress
GetProcessId
GetStartupInfoA
GetStdHandle
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
GetVersionExA
GetVolumeInformationA
GetVolumeInformationW
InitializeCriticalSection
LeaveCriticalSection
MapViewOfFile
MoveFileExA
OpenProcess
PeekConsoleInputA
PeekNamedPipe
Process32First
Process32Next
QueryPerformanceCounter
ReadConsoleInputA
ResetEvent
SetConsoleCtrlHandler
SetConsoleCursorPosition
SetConsoleMode
SetConsoleTextAttribute
SetEndOfFile
SetEnvironmentVariableA
SetEvent
SetFileAttributesA
SetFilePointer
SetFileTime
SetHandleInformation
SetUnhandledExceptionFilter
Sleep
SleepEx
SwitchToThread
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
UnmapViewOfFile
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
msvcrt
__argv
__dllonexit
__getmainargs
__initenv
__lconv_init
__set_app_type
__setusermatherr
_access
_acmdln
_amsg_exit
_cexit
_cwait
_environ
_errno
_exit
_fdopen
_findclose
_findfirst
_fmode
_fstati64
_fullpath
_get_osfhandle
_getch
_initterm
_iob
_lock
_lseeki64
_onexit
_open_osfhandle
_pipe
_setjmp3
_setmode
_spawnve
_stricmp
_strnicmp
time
mktime
localtime
gmtime
ctime
clock
exit
fclose
feof
ferror
fflush
fgetc
fgets
fopen
fprintf
fputc
fputs
fread
free
freopen
fseek
fwrite
getc
getchar
getenv
isalnum
isalpha
iscntrl
islower
isprint
ispunct
isspace
isupper
isxdigit
localeconv
malloc
mbstowcs
memchr
memcmp
memcpy
memmove
putc
putchar
puts
qsort
raise
rand
realloc
rename
setbuf
setlocale
signal
sprintf
srand
sscanf
strcat
strchr
strcmp
strcpy
strcspn
strerror
strftime
strlen
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtok
strtol
strtoul
_telli64
_tzset
_unlock
abort
atof
atoi
tolower
ungetc
vfprintf
vsprintf
wcstombs
bsearch
calloc
clearerr
_vsnprintf
_findnext
longjmp
_timezone
_write
_unlink
_umask
_strdup
_rmdir
_read
_putenv
_open
_mktemp
_mkdir
_isatty
_getpid
_getcwd
_getche
_fileno
_fdopen
_dup2
_dup
_creat
_close
_chmod
_chdir
user32
CharToOemA
CharToOemBuffA
DispatchMessageA
MsgWaitForMultipleObjects
OemToCharBuffA
PeekMessageA
ShowWindow
TranslateMessage
userenv
GetUserProfileDirectoryA
ws2_32
WSACleanup
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSASetLastError
WSASocketA
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyaddr
gethostname
getnameinfo
getpeername
getservbyname
getsockname
htonl
htons
inet_addr
inet_ntoa
listen
ntohl
ntohs
recv
select
setsockopt
shutdown
Sections
.text Size: 351KB - Virtual size: 350KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 48KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 4KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 52B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 72KB - Virtual size: 76KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE