General
Target: Product_item.exe
Size: 927KB
Sample: 201012-2zmkhbsh5n
MD5: 8a9aae01cda806a3da1bbb8bdb40da3f
SHA1: df95aa3ea7a3fbc66ced0615491ee7e656f09a52
SHA256: 054b7c5d38a00ecfc40168d4dc21610139c5ab6a46d2a0e851ef100397d5e5e9
SHA512: 781529a195356186c87507fd0e39368c6ca3ad35fc43b6ae4e547f6b24b399b1ac057a7c1f8765a9669f2363a8fab34ac17946de2a819e2d51c9892849c2d039
Static task: static1
Behavioral task: behavioral1
Sample: Product_item.exe
Resource: win7
Malware Config
Targets
Target: Product_item.exe
- Modifies firewall policy service
- Sets file execution options in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Adds Run key to start application
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext