Static task
static1
Behavioral task
behavioral1
Sample
3d9fb88bcef5eab71412d7dd1310f00362f982d801267692b28dc34ca45983c6.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
3d9fb88bcef5eab71412d7dd1310f00362f982d801267692b28dc34ca45983c6.exe
Resource
win10v2004-20240611-en
General
-
Target
3d9fb88bcef5eab71412d7dd1310f00362f982d801267692b28dc34ca45983c6.exe
-
Size
51KB
-
MD5
a091532e52927259aa09560e1f788800
-
SHA1
64528e6344d73dab2930c4ef3fb88c41553d1807
-
SHA256
3d9fb88bcef5eab71412d7dd1310f00362f982d801267692b28dc34ca45983c6
-
SHA512
e81567dd459b5f8efd7378d1adc864d5eae7e115f1a348ce7fa9f3a4eb73bc4904a982bff9e12cf54521b87fd95c126e66c446320f7dfefc3af3df594f910b29
-
SSDEEP
768:+DsBzFlUD/Yop9CwyWOySATV9505sW3fpSwNssG8E4Q4oaKVuE:+DsBzFlQCwyUNTV95ipLW4oaKw
Malware Config
Signatures
-
Unsigned PE 1 IoCs
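Checks for a missing Authenticode signature. The PE carries no embedded Authenticode signature; on its own this is a weak indicator, since many legitimate binaries are unsigned (or are signed only through a catalog, which a static check of the file does not see), so weigh it together with the other static and behavioral findings.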
Processes:
resource 3d9fb88bcef5eab71412d7dd1310f00362f982d801267692b28dc34ca45983c6.exe
Files
-
3d9fb88bcef5eab71412d7dd1310f00362f982d801267692b28dc34ca45983c6.exe.exe windows:6 windows x64 arch:x64
9e51c59a766829f3422610c9871477e8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
FormatMessageA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetModuleHandleW
GetSystemTimeAsFileTime
GetThreadLocale
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
LoadLibraryA
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
TerminateProcess
UnhandledExceptionFilter
VirtualProtect
gdi32
EnumFontFamiliesExW
user32
GetDC
vcruntime140
_CxxThrowException
__C_specific_handler
__current_exception
__current_exception_context
__std_exception_copy
__std_exception_destroy
memcpy
memset
api-ms-win-crt-stdio-l1-1-0
__acrt_iob_func
__p__commode
__stdio_common_vfprintf
__stdio_common_vsprintf
__stdio_common_vsscanf
_set_fmode
api-ms-win-crt-runtime-l1-1-0
__p___argc
__p___argv
_c_exit
_cexit
_configure_narrow_argv
_crt_atexit
_errno
_exit
_get_initial_narrow_environment
_initialize_narrow_environment
_initialize_onexit_table
_initterm
_initterm_e
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_set_app_type
exit
terminate
api-ms-win-crt-heap-l1-1-0
_callnewh
_set_new_mode
calloc
free
malloc
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
api-ms-win-crt-string-l1-1-0
strlen
strncpy
api-ms-win-crt-environment-l1-1-0
getenv
Sections
.text Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.00cfg Size: 512B - Virtual size: 56B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.retplne Size: 512B - Virtual size: 140B
_RDATA Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 424B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 948B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ