DotNetRuntimeDebugHeader
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
1669d57e8c83d0666c86fafcd484a5fd158c995a58ad9a6855c56d849c00b40b.exe
Resource
win7-20240508-en
windows7-x64
10 signatures
150 seconds
General
-
Target
31cbb0ad4fbff526978c68212a36fb90.bin
-
Size
1.0MB
-
MD5
f0f4b672136fa5858992257e4be40dbf
-
SHA1
d52b296a5a77bb8f90c3afa80df032c3f80ae8d4
-
SHA256
3c1d75070302ac6b9ae87a6f8e7fa5868ec54113cf0b4f44b4d702d8e11196ce
-
SHA512
1e114b3fd716a51befed13edfc772f02e6f8a5a911aa722bef94f4a2c4d2f33e9071e9fad99ae7bdf384f77f589b7e946801ecd4c148232c6d2eb4b2c003ef1e
-
SSDEEP
24576:3k3GbOMJSTK8q9cjMfDyNLBlix3dpK1lNqtHHR8KfWFukjK:YJTQ9tYLBsdpeaxuxjK
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/1669d57e8c83d0666c86fafcd484a5fd158c995a58ad9a6855c56d849c00b40b.exe
Files
-
31cbb0ad4fbff526978c68212a36fb90.bin.zip
Password: infected
-
1669d57e8c83d0666c86fafcd484a5fd158c995a58ad9a6855c56d849c00b40b.exe.exe windows:6 windows x64 arch:x64
Password: infected
97f00b2383bd4369e5094078fdccae7a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
advapi32
AdjustTokenPrivileges
CreateWellKnownSid
DeregisterEventSource
DuplicateTokenEx
GetSecurityDescriptorLength
GetTokenInformation
GetWindowsAccountDomainSid
LookupPrivilegeValueW
OpenProcessToken
OpenThreadToken
RegCloseKey
RegCreateKeyExW
RegDeleteKeyExW
RegDeleteTreeW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExA
RegSetValueExW
RegisterEventSourceW
ReportEventW
RevertToSelf
SetThreadToken
bcrypt
BCryptDestroyKey
BCryptEncrypt
BCryptGenRandom
BCryptOpenAlgorithmProvider
BCryptSetProperty
BCryptDecrypt
BCryptCloseAlgorithmProvider
BCryptImportKey
kernel32
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
RaiseException
RtlPcToFileHeader
AllocConsole
CancelThreadpoolIo
CloseHandle
CloseThreadpoolIo
CompareStringEx
CompareStringOrdinal
CopyFileExW
CreateDirectoryW
CreateEventExW
CreateFileW
CreateProcessA
CreateSymbolicLinkW
CreateThreadpoolIo
DeleteCriticalSection
DeleteFileW
DeleteVolumeMountPointW
DeviceIoControl
DuplicateHandle
EnterCriticalSection
EnumCalendarInfoExEx
EnumTimeFormatsEx
ExitProcess
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindNLSStringEx
FindNextFileW
FindStringOrdinal
FlushFileBuffers
FormatMessageW
FreeConsole
FreeLibrary
GetCPInfo
GetCalendarInfoEx
GetConsoleOutputCP
GetConsoleWindow
GetCurrentProcess
GetCurrentProcessId
GetCurrentProcessorNumberEx
GetCurrentThread
GetDynamicTimeZoneInformation
GetEnvironmentVariableW
GetFileAttributesExW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileType
GetFinalPathNameByHandleW
GetFullPathNameW
GetLastError
GetLocaleInfoEx
GetLogicalDrives
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleA
GetOverlappedResult
GetProcAddress
GetStdHandle
GetSystemDirectoryW
GetSystemTime
GetThreadPriority
GetTickCount64
GetTimeZoneInformation
GetUserPreferredUILanguages
GetVolumeInformationW
InitializeConditionVariable
InitializeCriticalSection
IsDebuggerPresent
LCMapStringEx
LeaveCriticalSection
LoadLibraryExW
LocalAlloc
LocalFree
LocaleNameToLCID
MoveFileExW
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseFailFastException
ReadFile
RemoveDirectoryW
ReplaceFileW
ResetEvent
ResolveLocaleName
ResumeThread
SetEvent
SetFileAttributesW
SetFileInformationByHandle
SetLastError
SetThreadErrorMode
SetThreadPriority
Sleep
SleepConditionVariableCS
StartThreadpoolIo
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
VirtualAlloc
VirtualFree
WaitForMultipleObjectsEx
WakeConditionVariable
WideCharToMultiByte
WriteFile
FlushProcessWriteBuffers
WaitForSingleObjectEx
RtlVirtualUnwind
RtlCaptureContext
RtlRestoreContext
VerSetConditionMask
AddVectoredExceptionHandler
FlsAlloc
FlsGetValue
FlsSetValue
CreateEventW
SwitchToThread
CreateThread
GetCurrentThreadId
SuspendThread
GetThreadContext
SetThreadContext
QueryInformationJobObject
GetModuleHandleW
GetModuleHandleExW
GetProcessAffinityMask
VerifyVersionInfoW
InitializeContext
GetEnabledXStateFeatures
SetXStateFeaturesMask
VirtualQuery
GetSystemTimeAsFileTime
InitializeCriticalSectionEx
DebugBreak
WaitForSingleObject
SleepEx
GlobalMemoryStatusEx
GetSystemInfo
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetLargePageMinimum
VirtualUnlock
VirtualAllocExNuma
IsProcessInJob
GetNumaHighestNodeNumber
GetProcessGroupAffinity
K32GetProcessMemoryInfo
RtlUnwindEx
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlLookupFunctionEntry
ole32
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoWaitForMultipleHandles
CoInitializeEx
CoCreateGuid
CoGetApartmentType
user32
LoadStringW
api-ms-win-crt-math-l1-1-0
__setusermatherr
floor
pow
modf
sin
cos
ceil
tan
api-ms-win-crt-heap-l1-1-0
free
calloc
_set_new_mode
malloc
_callnewh
api-ms-win-crt-string-l1-1-0
strncpy_s
strcpy_s
_stricmp
wcsncmp
strcmp
api-ms-win-crt-convert-l1-1-0
strtoull
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___wargv
__p___argc
_exit
exit
_initterm_e
terminate
_crt_atexit
_initterm
_register_onexit_function
_get_initial_wide_environment
abort
_initialize_onexit_table
_initialize_wide_environment
_configure_wide_argv
_seh_filter_exe
_set_app_type
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vsscanf
__p__commode
__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vsprintf_s
_set_fmode
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Exports
Exports
Sections
.text Size: 448KB - Virtual size: 447KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.managed Size: 871KB - Virtual size: 870KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
hydrated Size: - Virtual size: 305KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 674KB - Virtual size: 674KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 78KB - Virtual size: 77KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 136KB - Virtual size: 136KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ