General
Target: c684fc46858558ec39fbd7500d86ac10.exe
Size: 488KB
Sample: 200910-cgmdxtwzgj
MD5: c684fc46858558ec39fbd7500d86ac10
SHA1: ca83afe0c8c2ccd7fc9dc0b02b196c5e8b05969f
SHA256: 4af7c93f154aff7489fa923d76328ef0ec16027b578b24f1ae40f2172f6e246c
SHA512: 447055a81a2ec1804d9820c323f4954e336e785e1df4498198fb04ede0dc13290523ab90cd7e5b0a91dcae7b3cc5daa27923d5a6ccc3704c9fdd65b6607eeced
Static task: static1
Behavioral task: behavioral1
Sample: c684fc46858558ec39fbd7500d86ac10.exe
Resource: win7v200722
Malware Config
Targets
Target: c684fc46858558ec39fbd7500d86ac10.exe
- Modifies firewall policy service
- Sets file execution options in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger