Static task
static1
Behavioral task
behavioral1
Sample
1532-65-0x0000000000400000-0x0000000000438000-memory.exe
Resource
win7-20220331-en
Behavioral task
behavioral2
Sample
1532-65-0x0000000000400000-0x0000000000438000-memory.exe
Resource
win10v2004-20220331-en
General
-
Target
1532-65-0x0000000000400000-0x0000000000438000-memory.dmp
-
Size
224KB
-
MD5
cd9b7672d6bf9a1d3c90d4fa5e823b56
-
SHA1
08ac4c559bbc222ad4cc1dc49f264346a5eae156
-
SHA256
48517b8bdbad69b13faaa237a44070c3fc7ee8dfd1de60409c7a8f2e32587392
-
SHA512
2957d87a8075592e4fa7df156acb2cfc7f52342c7815de2a64c92b2d53fcf4bb2aa3713599df29d637ff4d287e28f43f48d9f0d2fb8ad87effb16dd687e788bd
-
SSDEEP
3072:WfUomEuYm98dlSq7gt5q7Dx+XgS6aCEwhOfUbCalNT2pbB3fIR1Xi6FLP:WfUauY68uSWCx+XA7mg2pN41Lj
Malware Config
Extracted
oski
zubroxmack.cf
Signatures
-
Oski family
Files
-
1532-65-0x0000000000400000-0x0000000000438000-memory.dmp.exe windows x86
Code Sign
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 150KB - Virtual size: 150KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ