General
Target: de.exe
Size: 300KB
Sample: 200831-arbmjxaxlj
MD5: ae4f045f4a0b66fbf927f230e98a3648
SHA1: 014ccaa6cd43ebf06f2fd4387f2ae6d899e2c6a0
SHA256: 4a87068b0ac096d9472fa021fd6bdfcf7d218ae8716fabc2c027ebd595a2381f
SHA512: 9fd676fb69426ea72a83d98b5aca2080fc273140fe3ab1cff65262529496637791a695c4d61baaa203fe831a0598586e039bfe079beae209d09d98fa9588e874
Static task: static1
Behavioral task: behavioral1
Sample: de.exe
Resource: win7
Malware Config
Targets
Target: de.exe
- Modifies firewall policy service
- Sets file execution options in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Adds Run key to start application
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger