Static task: static1
Behavioral task: behavioral1
Sample: Orders.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: Orders.exe
Resource: win10v2004-en-20220113
General
Target: c2530bd0dfc05cf316f3ec108fc0a384eb8e72f40bc8142c3fcdb92a9d251946
Size: 1.2MB
MD5: ea5b92d980b8d65fbac061e3330bf9b5
SHA1: 5393d177115e95a6151a19852ba4d67b984260b1
SHA256: c2530bd0dfc05cf316f3ec108fc0a384eb8e72f40bc8142c3fcdb92a9d251946
SHA512: 360952075bced1b434b8c4a63932244b5e0f2e3aa3327fe31028464023aa3c05555f7769e9a72807a8b6eabba2c3ea7fe720b55ed8fd2d4cfc2b41e385344d82
SSDEEP: 24576:9fLJ9qeeFv5HtxZsUBcDianRwhOZxgWrupPg+FFoCIfXQC8e/F+Ys:VFwe+xjZrBcOa4qHQFFdIfAJSF+Ys
Malware Config
Signatures
Beds Protector Packer 1 IoCs
Detects Beds Protector packer used to load .NET malware.
Processes:
resource yara_rule static1/unpack001/Orders.exe beds_protector
Files
c2530bd0dfc05cf316f3ec108fc0a384eb8e72f40bc8142c3fcdb92a9d251946.zip
Orders.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Code Sign
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ