Behavioral task
behavioral1
Sample
c3681da8cdbba19041d36bb0fbec162ddaae98a2ba9fe2b29d252e26f64a4ec8.exe
Resource
win7-20220812-en
General
Target
c3681da8cdbba19041d36bb0fbec162ddaae98a2ba9fe2b29d252e26f64a4ec8.zip
Size
4.0MB
MD5
2c266fc002c1f072d47462d0e23c5d2c
SHA1
252cda51c8744d1395800b89cf00449c73a0fd30
SHA256
8edeb501cb81a79e444ab29f7be396990deca5838fb8120565113b6aa75a5bfe
SHA512
0752590575db177dabeeecaf602f1e2de476b579b3d6ddcca5c2207d725bb03880ac1925532bf6539375616bd79df589cfb9848f73bd3b1f855654ed2bdc7971
SSDEEP
98304:1fr/0xZLwgpACYmhQIAxxSWKT0s/gI+cTLrh1WSzyF1g:1frsZLcmhQIAMt/gxcPtgSW1g
Malware Config
Signatures
Processes:
resource yara_rule static1/unpack001/c3681da8cdbba19041d36bb0fbec162ddaae98a2ba9fe2b29d252e26f64a4ec8 upx
Files
c3681da8cdbba19041d36bb0fbec162ddaae98a2ba9fe2b29d252e26f64a4ec8.zip.zip
Password: threatbook
c3681da8cdbba19041d36bb0fbec162ddaae98a2ba9fe2b29d252e26f64a4ec8.exe windows x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
Sections
UPX0 Size: - Virtual size: 9.8MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 4.0MB - Virtual size: 4.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX2 Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE