Sample
5a2710aad998a175c08fa675a33e5c75379aa8d31bafe716a1d1a30af26a1175.exe
Resource
win7-20241010-en
General
-
Target
5a2710aad998a175c08fa675a33e5c75379aa8d31bafe716a1d1a30af26a1175
-
Size
2.4MB
-
MD5
3a28bd6a5491949f13332b6c0a741161
-
SHA1
8fe17999d6ad2e838ef24b08f2bede69cec8213c
-
SHA256
5a2710aad998a175c08fa675a33e5c75379aa8d31bafe716a1d1a30af26a1175
-
SHA512
1580f765e8e3944b6e04fff8d273611c1267959d14ba575973fcaeb38b5dd3da81470fa3e54d5dd496a49e8913cd1173ac1a7295071cb7822e0fe75cd2d05d39
-
SSDEEP
49152:/+bil8KtTt0dMdRhfU8n9KUY6VPhPIiH6HU/7xSNByQt4ZX:2Ol8KtTCdsLbn99KC6Bt45
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource 5a2710aad998a175c08fa675a33e5c75379aa8d31bafe716a1d1a30af26a1175
Files
-
5a2710aad998a175c08fa675a33e5c75379aa8d31bafe716a1d1a30af26a1175.exe windows:5 windows x86 arch:x86
4da4dec7ac10b3c1c3cb5088bd9d5927
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetFileSize
ReadFile
CreateFileW
MultiByteToWideChar
WideCharToMultiByte
WriteFile
FindClose
FileTimeToSystemTime
lstrcpyW
GetTempPathW
GetFileAttributesW
GetFileAttributesExW
DeleteFileW
FindFirstFileW
FindNextFileW
CopyFileW
MoveFileExW
GetTickCount
GetCurrentProcessId
LoadLibraryW
GetPrivateProfileIntW
GetLongPathNameW
GetEnvironmentVariableW
GetDriveTypeW
GetSystemDirectoryW
CreateDirectoryW
WTSGetActiveConsoleSessionId
LocalFree
GetCurrentProcess
GetCurrentThreadId
GetSystemInfo
GetModuleHandleW
GetVolumeInformationW
GetVersionExW
ReleaseMutex
CreateMutexW
GlobalAlloc
GlobalFree
LocalAlloc
RaiseException
TerminateProcess
GetExitCodeProcess
CreateProcessW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
DeviceIoControl
InitializeCriticalSectionAndSpinCount
SetPriorityClass
HeapSize
HeapReAlloc
DecodePointer
GetModuleFileNameW
DeleteCriticalSection
SetEndOfFile
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
CreateThread
TerminateThread
SetEvent
Sleep
GetExitCodeThread
CreateEventW
WaitForSingleObject
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
MapViewOfFile
CloseHandle
FlushViewOfFile
UnmapViewOfFile
OpenFileMappingW
IsBadReadPtr
FreeLibrary
GetProcessHeap
GetProcAddress
HeapAlloc
GetNativeSystemInfo
LoadLibraryA
VirtualAlloc
GetTimeZoneInformation
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleCP
GetACP
SetConsoleCtrlHandler
ExitProcess
OutputDebugStringA
GetLastError
lstrlenW
VirtualFree
SetLastError
HeapFree
VirtualProtect
GetPrivateProfileStringW
OpenProcess
WritePrivateProfileStringW
SetFilePointerEx
SystemTimeToTzSpecificLocalTime
ExitThread
RtlUnwind
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
OutputDebugStringW
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SystemTimeToFileTime
GetSystemTime
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
ConvertThreadToFiber
ConvertFiberToThread
CreateFiber
DeleteFiber
SwitchToFiber
GetModuleHandleExW
VerifyVersionInfoA
GetSystemDirectoryA
GetModuleHandleA
VerSetConditionMask
ExpandEnvironmentStringsA
PeekNamedPipe
GetStdHandle
GetFileType
WaitForMultipleObjects
SleepEx
FormatMessageA
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
QueryPerformanceCounter
SwitchToThread
GetCurrentThread
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
user32
LoadStringW
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
wsprintfW
advapi32
RegisterEventSourceW
DeregisterEventSource
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegDeleteValueW
RegOpenKeyExW
DuplicateTokenEx
LookupAccountSidW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ReportEventW
RegOpenKeyW
RegEnumKeyW
GetTokenInformation
OpenProcessToken
ImpersonateLoggedOnUser
RevertToSelf
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
shell32
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
SHGetFolderPathW
ole32
CoCreateInstance
CoInitialize
CoUninitialize
shlwapi
PathAddBackslashW
wldap32
ord200
ord301
ord27
ord30
ord79
ord35
ord33
ord32
ord26
ord22
ord41
ord50
ord60
ord211
ord46
ord143
ws2_32
setsockopt
socket
WSAIoctl
getaddrinfo
getsockname
sendto
gethostname
ioctlsocket
getsockopt
freeaddrinfo
recvfrom
listen
accept
ntohs
WSAStartup
WSACleanup
recv
send
WSAGetLastError
__WSAFDIsSet
select
WSASetLastError
getpeername
bind
closesocket
connect
htons
wtsapi32
WTSQueryUserToken
wininet
HttpQueryInfoW
InternetOpenW
InternetQueryOptionW
InternetSetOptionW
InternetOpenUrlW
InternetCloseHandle
InternetReadFile
Sections
.text Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 525KB - Virtual size: 525KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 19KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 168KB - Virtual size: 168KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 146KB - Virtual size: 148KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE