Static task: static1
Behavioral task: behavioral1
Sample: encrypter-windows-gui-x86.exe
Resource: win10v2004-20250502-en
General
Target: encrypter-windows-gui-x86.zip
Size: 600KB
MD5: 6e7d53e8f4fead156637b404a9b87962
SHA1: 63a199642fcefcfa5d2e982bea6efc8b51a970a6
SHA256: acf624fd5f6c21c41c4b67b4cc55075df81ad0e5ff10cfce97a1298b1dada421
SHA512: 4566a20e61af71cd39320d254e70dfcc53005dc46e1a951c8636c5c13e7b591afda4697091b9944d51ae24221f5a8ebfa5cdb1b0616f2bc2e42b226f0bde55f6
SSDEEP: 12288:8UBgtL58MnizZVnag3kmeD7F7NiUWlZKi1BTjzI4UpQ8h9e4fo:8wgtLXQZdpkmw73iZKirzk1fo
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource unpack001/encrypter-windows-gui-x86.ex
Files
encrypter-windows-gui-x86.zip.zip (Password: infected)
encrypter-windows-gui-x86.ex.exe windows:5 windows x86 arch:x86 (Password: infected)
4580f6d5135a499d1a67b6e3dfc41bd8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
GetProcessId
CreateToolhelp32Snapshot
LoadLibraryA
Module32FirstW
GetProcAddress
FreeLibrary
FindFirstVolumeW
GetSystemDefaultUILanguage
TerminateProcess
SetFilePointer
GetLocaleInfoW
OpenProcess
GetLogicalDriveStringsW
Process32NextW
Process32FirstW
GetNativeSystemInfo
SetVolumeMountPointW
FindVolumeClose
GetVolumePathNamesForVolumeNameW
FindNextVolumeW
GetTickCount
GetDriveTypeW
GetModuleHandleW
GetComputerNameW
CreateThread
GlobalFree
GlobalAlloc
PostQueuedCompletionStatus
ExitThread
GetQueuedCompletionStatus
LeaveCriticalSection
DeleteTimerQueue
EnterCriticalSection
CreateTimerQueueTimer
CancelIo
GetProcessHeap
DecodePointer
SetEndOfFile
HeapSize
GetConsoleCP
FlushFileBuffers
HeapReAlloc
GetStringTypeW
SetStdHandle
HeapAlloc
LCMapStringW
CompareStringW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
DeleteFileW
CreateDirectoryW
GetVersionExW
GetCommandLineW
InterlockedIncrement
HeapFree
CopyFileW
WaitForSingleObject
CreateMutexA
WriteConsoleW
GetStdHandle
lstrlenW
MoveFileW
lstrcpyW
WideCharToMultiByte
ExitProcess
DeleteCriticalSection
SetFilePointerEx
CloseHandle
lstrcatW
GetLastError
SetFileAttributesW
GetFileAttributesW
CreateFileW
GetEnvironmentVariableW
InitializeCriticalSection
GetModuleFileNameW
WriteFile
GetFileSizeEx
ReadFile
lstrcmpW
lstrcmpiW
MultiByteToWideChar
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
lstrlenA
SetConsoleCtrlHandler
GetACP
GetModuleHandleExW
GetModuleFileNameA
RaiseException
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
RtlUnwind
SetConsoleMode
ReadConsoleW
ReadConsoleA
GetConsoleMode
GetSystemInfo
FindClose
InterlockedDecrement
FindNextFileW
FindFirstFileW
LocalFree
GetCurrentProcess
CreateTimerQueue
Sleep
CreateProcessW
ConvertFiberToThread
GlobalMemoryStatus
DeleteFiber
GetFileType
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
CreateIoCompletionPort
user32
KillTimer
AppendMenuW
SetMenu
MoveWindow
RegisterHotKey
RegisterClassW
SetTimer
CreatePopupMenu
UnregisterClassW
SendMessageW
PostQuitMessage
GetProcessWindowStation
GetUserObjectInformationW
CreateMenu
UpdateWindow
EnableWindow
CreateWindowExW
MessageBoxW
IsWindowVisible
DestroyWindow
GetWindowRect
PostMessageW
wvsprintfW
ShowWindow
TranslateMessage
DispatchMessageW
GetMessageW
PeekMessageW
MessageBoxA
GetKeyState
UnregisterHotKey
DefWindowProcW
gdi32
CreateFontW
DeleteObject
comdlg32
GetOpenFileNameW
advapi32
CryptEnumProvidersW
CryptDestroyHash
CloseServiceHandle
OpenSCManagerW
ControlService
EnumDependentServicesW
OpenServiceW
QueryServiceStatusEx
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
RegCreateKeyA
RegCloseKey
RegSetValueExW
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
LookupPrivilegeValueW
SetSecurityDescriptorDacl
AdjustTokenPrivileges
SetSecurityDescriptorOwner
SetEntriesInAclW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
OpenProcessToken
InitializeSecurityDescriptor
BuildTrusteeWithSidW
GetUserNameW
LookupAccountNameW
CryptCreateHash
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptSignHashW
shell32
SHBrowseForFolderW
SHGetPathFromIDListW
DragAcceptFiles
DragQueryFileW
SHGetSpecialFolderPathW
SHEmptyRecycleBinW
ShellExecuteW
CommandLineToArgvW
SHGetMalloc
ole32
CoInitializeSecurity
CoInitializeEx
CoTaskMemFree
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
oleaut32
VariantInit
VariantClear
shlwapi
StrStrIW
StrCmpNW
StrStrIA
StrToIntW
StrStrA
crypt32
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFindCertificateInStore
iphlpapi
GetIpNetTable
netapi32
NetApiBufferFree
NetShareEnum
mpr
WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum
ws2_32
recv
send
WSAIoctl
closesocket
bind
WSACleanup
WSASetLastError
shutdown
WSASocketW
WSAGetLastError
setsockopt
freeaddrinfo
htons
getsockopt
gethostname
inet_ntoa
WSAAddressToStringW
socket
WSAStartup
getaddrinfo
gethostbyname
wininet
InternetCloseHandle
InternetOpenUrlW
InternetReadFile
InternetOpenW
comctl32
ord17
Sections
.text Size: 771KB - Virtual size: 770KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 304KB - Virtual size: 303KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 37KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ