Behavioral task: behavioral1
Sample: 34d0d27787c14150002d33c2c5fbe6a5c5cfa60a75c0a9b71ecf9c7d425ca0c4.exe
Resource: win7-20220812-en
General
Target: 34d0d27787c14150002d33c2c5fbe6a5c5cfa60a75c0a9b71ecf9c7d425ca0c4
Size: 401KB
MD5: 758ba4e2afbc0939bc3e2e4e28fce148
SHA1: 37cefaa7a595dd9459f30fbbe61e3a566816bb66
SHA256: 34d0d27787c14150002d33c2c5fbe6a5c5cfa60a75c0a9b71ecf9c7d425ca0c4
SHA512: f14070585879638d7bd0c3f3bec2b6304dcaddc93176fd2f8b5935f8049bb87659c894e961a786b0bbba150f4cdc759bb8136057713dafedb04fa83a6a24ea31
SSDEEP: 6144:Zk4qms6EM5nAwghV4owCxZ5F4DsyfRc5ISvzSPeOI12TPMOll8/dFNoDVFcRB:+9vMDghGowCxZE15c5IKHbwT3MlOc
Malware Config
Signatures
Patched UPX-packed file (1 IoC)
Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.
resource: sample, yara_rule: patched_upx
resource: sample, yara_rule: upx
Files
34d0d27787c14150002d33c2c5fbe6a5c5cfa60a75c0a9b71ecf9c7d425ca0c4.exe windows x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
UPX0 Size: - Virtual size: 204KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 349KB - Virtual size: 352KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 51KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE