Static task: static1
Behavioral task: behavioral1
  Sample: a26f0a2da63a838161a7d335aaa5e4b314a232acc15dcabdb6f6dbec63cda642.exe
  Resource: win10v2004-20250502-en
Behavioral task: behavioral2
  Sample: a26f0a2da63a838161a7d335aaa5e4b314a232acc15dcabdb6f6dbec63cda642.exe
  Resource: win11-20250502-en
General
The hashes below describe the submitted archive (the Target is a .zip), not the executable inside it; the extracted file is listed separately under Files.
- Target: a26f0a2da63a838161a7d335aaa5e4b314a232acc15dcabdb6f6dbec63cda642.zip
- Size: 1.4MB
- MD5: 33c3c4a70747f73f58ba6a74963f9b0a
- SHA1: 98353e018c96bbc40bfd938d8fd6bb4812ccb5e4
- SHA256: 54b28d10fb97433918fab2f72777263a00e5ce22d681b547c29def25dfdf0a5e
- SHA512: e0cf74beac17f4cf1536c19f1e091855146a283ee8f34e7c13dc8741e1501ca72abac8c3bb428e88d4010a1c4b23253974b06967114ba7c8ebac4721c4f70744
- SSDEEP: 24576:ONnGKq09vRRAeEXBIv8jGFHWAu/UGPJuZ8qXBEexkezMdRuQ/Azzk0AcfW7l:ONnZq0ZRRAn7GF2B/UGBuZTBRURFYM6M
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: unpack001/a26f0a2da63a838161a7d335aaa5e4b314a232acc15dcabdb6f6dbec63cda642
  Caveat: this check only tests for an embedded signature (an empty SECURITY data directory in the PE optional header). Most malware and a great deal of legitimate software is unsigned, and Windows components are commonly signed through catalog files rather than an embedded blob, so this hit carries little weight on its own.
Files
-
a26f0a2da63a838161a7d335aaa5e4b314a232acc15dcabdb6f6dbec63cda642.zip.zip
Password: infected
-
a26f0a2da63a838161a7d335aaa5e4b314a232acc15dcabdb6f6dbec63cda642.exe windows:0 windows x64 arch:x64
b3b7ad6f2170dcc432067867d73f9aed
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_NX_COMPAT
  (relocatable image opted in to 64-bit high-entropy ASLR and DEP; IMAGE_DLLCHARACTERISTICS_GUARD_CF is not set, so Control Flow Guard is off)
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_LINE_NUMS_STRIPPED | IMAGE_FILE_LARGE_ADDRESS_AWARE | IMAGE_FILE_DEBUG_STRIPPED
Imports
Note: several of the names below (CreateProcessInternalA, GdiEntry12, DdQueryVisRgnUniqueness, RegisterServicesProcess, GhostWindowFromHungWindow, UserLpkPSMTextOut, ObjectStublessClient19) are undocumented or internal exports that compiler-generated application code almost never references, and the list mixes console, MDI/GUI, OLE, tape and threadpool APIs with no obvious common purpose. Confirm which entries have real call sites in .text before reading intent into the import table; with GetProcAddress and LoadLibraryA present, the static list need not reflect what actually runs.
comctl32: CreateStatusWindow, CreateToolbarEx, DPA_GetPtr, ImageList_GetImageCount, ImageList_LoadImage, ImageList_Read
comdlg32: ReplaceTextA
gdi32: AngleArc, CancelDC, CreatePen, DdQueryVisRgnUniqueness, EngCheckAbort, FontIsLinked, GdiCreateLocalEnhMetaFile, GdiEntry12, GdiGetSpoolFileHandle, GdiValidateHandle, GetEnhMetaFileHeader, GetObjectA, ResizePalette, ScaleViewportExtEx
kernel32: AddConsoleAliasW, ApplicationRecoveryFinished, CompareFileTime, CreateProcessInternalA, CreateSymbolicLinkTransactedW, CreateThreadpoolCleanupGroup, CreateThreadpoolTimer, DeleteBoundaryDescriptor, EnumSystemLanguageGroupsW, EnumTimeFormatsW, FindFirstVolumeW, GetAtomNameA, GetCalendarDifferenceInDays, GetCalendarInfoW, GetConsoleProcessList, GetDateFormatA, GetFileInformationByHandle, GetMaximumProcessorCount, GetProcAddress, GetProcessorSystemCycleTime, GetProfileStringA, GetTapeParameters, GetThreadContext, GetThreadUILanguage, LZOpenFileW, LoadLibraryA, LocalLock, LocalReAlloc, LocateXStateFeature, OpenJobObjectW, SetComPlusPackageInstallStatus, SetFileIoOverlappedRange, SetFileValidData, SetProcessDEPPolicy, SetThreadStackGuarantee, SetThreadpoolThreadMaximum, StartThreadpoolIo, VerifyVersionInfoW, VirtualQueryEx, WaitForMultipleObjects
msvcrt: clock, cosh, free, iswalnum, malloc, memcpy, memset, perror, remove, strncmp, _wcslwr, _wcsrev, _getpid, _chsize
ole32: CoGetCallContext, CoGetCurrentProcess, CoReleaseMarshalData, CoRetireServer, HMENU_UserUnmarshal, ObjectStublessClient19, OleBuildVersion, OleCreateLinkEx, OleSetMenuDescriptor, SetErrorInfo
user32: AdjustWindowRectEx, ArrangeIconicWindows, BringWindowToTop, CharLowerW, CharNextExA, CreateIconFromResourceEx, DefMDIChildProcA, DefWindowProcA, DisplayConfigGetDeviceInfo, DrawTextW, EndPaint, FindWindowW, GetClassInfoExW, GetClassWord, GetMenuItemInfoW, GetMonitorInfoW, GetUpdateRgn, GetWindowModuleFileNameW, GhostWindowFromHungWindow, IsCharAlphaA, MonitorFromWindow, OpenIcon, RegisterServicesProcess, RegisterTasklist, SetCapture, SetForegroundWindow, TranslateMDISysAccel, UnregisterSessionPort, UserLpkPSMTextOut
Sections
.text   Size: 1.1MB  Virtual size: 1.1MB  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.data   Size: 176KB  Virtual size: 176KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rdata  Size: 655KB  Virtual size: 654KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.idata  Size: 5KB    Virtual size: 4KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 2KB    Virtual size: 2KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.reloc  Size: 8KB    Virtual size: 7KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
No section is both writable and executable and raw sizes track virtual sizes, so none of the cheap header-level packing indicators is present; that does not rule out a stub that unpacks into memory it allocates at runtime. Writable .idata and .rsrc are unusual for MSVC-linked images, which keep both read-only, and are commonly seen in GNU ld (MinGW) output; treat that as a toolchain hint, not as an indicator on its own.
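The Signatures, Headers and Sections entries above are all decided from the PE header alone. The following Python is an added example, not the sandbox's own code, that reproduces those checks: it parses a PE32+ header, decodes the file and DLL characteristics, tests the SECURITY data directory for an embedded Authenticode signature, and audits section flags. Because the sample itself cannot be embedded here, it runs on a constructed, header-only image (build_sample_pe, a hypothetical helper) that carries the same flags the report lists; the function and constant names are this example's own.

```python
# Added example, not from the report: a minimal PE32+ header parser that
# reproduces the static checks shown above (missing Authenticode signature,
# DLL/file characteristics, section flags) on a constructed header-only image.
import struct

OPT_MAGIC_PE32PLUS = 0x20B
IMAGE_FILE_MACHINE_AMD64 = 0x8664
DIR_SECURITY = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: file offset/size of the embedded Authenticode blob

FILE_CHARACTERISTICS = {
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE", 0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE", 0x0200: "IMAGE_FILE_DEBUG_STRIPPED", 0x2000: "IMAGE_FILE_DLL",
}
DLL_CHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA", 0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT", 0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
}
SCN_CODE, SCN_IDATA, SCN_DISCARD = 0x20, 0x40, 0x02000000
SCN_EXEC, SCN_READ, SCN_WRITE = 0x20000000, 0x40000000, 0x80000000
SECTION_FLAGS = {
    SCN_CODE: "IMAGE_SCN_CNT_CODE", SCN_IDATA: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    SCN_DISCARD: "IMAGE_SCN_MEM_DISCARDABLE", SCN_EXEC: "IMAGE_SCN_MEM_EXECUTE",
    SCN_READ: "IMAGE_SCN_MEM_READ", SCN_WRITE: "IMAGE_SCN_MEM_WRITE",
}


def flag_names(value, table):
    """Decode a bitmask into the constant names that are set, lowest bit first."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe32plus(data):
    """Parse DOS stub -> COFF header -> PE32+ optional header -> section table.
    Only the fields the report's checks need are extracted."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsect, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != OPT_MAGIC_PE32PLUS:
        raise ValueError("not a PE32+ image")
    dllchars = struct.unpack_from("<H", data, opt + 70)[0]      # DllCharacteristics
    ndirs = struct.unpack_from("<I", data, opt + 108)[0]        # NumberOfRvaAndSizes
    sec_dir = (0, 0)
    if ndirs > DIR_SECURITY:                                    # directory table may be short
        sec_dir = struct.unpack_from("<II", data, opt + 112 + 8 * DIR_SECURITY)
    sections = []
    for i in range(nsect):
        name, vsize, _, rawsize, _, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "rawsize": rawsize, "flags": flags})
    return {"machine": machine, "characteristics": chars, "dllcharacteristics": dllchars,
            "security_dir": tuple(sec_dir), "sections": sections}


def audit(pe):
    """The report's 'Unsigned PE' check plus the header checks a reviewer adds."""
    findings = []
    if pe["security_dir"] == (0, 0):
        findings.append("unsigned: no embedded Authenticode signature (may still be catalog-signed)")
    d = pe["dllcharacteristics"]
    if not d & 0x0040:
        findings.append("no DYNAMIC_BASE: image is not ASLR-compatible")
    elif pe["machine"] == IMAGE_FILE_MACHINE_AMD64 and not d & 0x0020:
        findings.append("ASLR without HIGH_ENTROPY_VA: 64-bit image limited to low-entropy relocation")
    if not d & 0x0100:
        findings.append("no NX_COMPAT: image does not opt in to DEP")
    if not d & 0x4000:
        findings.append("no GUARD_CF: Control Flow Guard not enabled")
    for s in pe["sections"]:
        if s["flags"] & SCN_EXEC and s["flags"] & SCN_WRITE:
            findings.append(f"{s['name']}: writable and executable")
        if s["name"] == ".rsrc" and s["flags"] & SCN_WRITE:
            findings.append(".rsrc: writable (normally read-only in MSVC-linked images)")
    return findings


def build_sample_pe():
    """Constructed input: a header-only PE32+ with the same file/DLL characteristics
    and section flags the report lists. No code, no imports, no signature."""
    sections = [(b".text", SCN_CODE | SCN_EXEC | SCN_READ), (b".data", SCN_IDATA | SCN_READ | SCN_WRITE),
                (b".rdata", SCN_IDATA | SCN_READ), (b".idata", SCN_IDATA | SCN_READ | SCN_WRITE),
                (b".rsrc", SCN_IDATA | SCN_READ | SCN_WRITE), (b".reloc", SCN_IDATA | SCN_DISCARD | SCN_READ)]
    dos = b"MZ" + bytes(58) + struct.pack("<I", 0x40)                     # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_AMD64, len(sections), 0, 0, 0, 240,
                       0x0002 | 0x0004 | 0x0020 | 0x0200)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, OPT_MAGIC_PE32PLUS)
    struct.pack_into("<Q", opt, 24, 0x140000000)                           # ImageBase
    struct.pack_into("<H", opt, 70, 0x0020 | 0x0040 | 0x0100)              # HIGH_ENTROPY_VA|DYNAMIC_BASE|NX_COMPAT
    struct.pack_into("<I", opt, 108, 16)                                   # 16 directories, all zero: no SECURITY entry
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n, 0x1000, 0x1000 * (i + 1), 0x1000, 0, 0, 0, 0, 0, fl)
                    for i, (n, fl) in enumerate(sections))
    return dos + b"PE\0\0" + coff + bytes(opt) + hdrs


if __name__ == "__main__":
    pe = parse_pe32plus(build_sample_pe())
    print("File characteristics:", " | ".join(flag_names(pe["characteristics"], FILE_CHARACTERISTICS)))
    print("DLL characteristics: ", " | ".join(flag_names(pe["dllcharacteristics"], DLL_CHARACTERISTICS)))
    for s in pe["sections"]:
        print(f"{s['name']:<7} raw={s['rawsize']:#x} virt={s['vsize']:#x} "
              + " | ".join(flag_names(s["flags"], SECTION_FLAGS)))
    for finding in audit(pe):
        print("-", finding)
```

Run as a script it prints the decoded flags for the constructed image and the findings (unsigned, no GUARD_CF, writable .rsrc). To point it at a real file, replace build_sample_pe() with the bytes read from disk; the parser deliberately stops at the section table and does not walk the import directory, and it rejects PE32 (32-bit) images rather than misreading their shorter optional header.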