Behavioral task
behavioral1
Sample
3c57128b3c73bd6dc84d63f9322b4639857387a57ab156ed807524af2703eebb.exe
Resource
win7-20220812-en
General
-
Target
3c57128b3c73bd6dc84d63f9322b4639857387a57ab156ed807524af2703eebb
-
Size
132KB
-
MD5
2c0bd39e45fb17e514f1ceb1e5557cd4
-
SHA1
1fd118e2c57bc8bf103c88802016bd3292a41d60
-
SHA256
3c57128b3c73bd6dc84d63f9322b4639857387a57ab156ed807524af2703eebb
-
SHA512
d4cab419a09fe32224daa63d57edfc0345c00566cf08a5d246dcbd9f3b5b54175cc8505b4d4d100f86fa16996f0637ccf178fe190fe550b5993ba00d7a759ec8
-
SSDEEP
3072:eNnVadj174k8hrOMn3RYjzJdfd3wUNgs4DCiGAPT/JoutvVd:E24lOMnCjTdwUNT4WiRRoSz
Malware Config
Signatures
-
Processes:
resource yara_rule sample upx
Files
-
3c57128b3c73bd6dc84d63f9322b4639857387a57ab156ed807524af2703eebb.exe windows x86
Code Sign
32:25:fb:5a:95:d0:75:82:45:45:99:be:4e:85:fb:b1
Certificate
Issuer: CN=VeriSign Class 3 Code Signing 2009 CA
Not Before: 17-10-2009 16:00
Not After: 18-10-2012 16:00
Subject: CN=Games Software Helper Tools
23:35:a9:ef:3a:6f:3d:64:b1:cf:8d:1f:62:ad:bd:a0
Certificate
Issuer: CN=VeriSign Class 3 Code Signing 2009 CA
Not Before: 30-09-1999 16:00
Not After: 16-07-2036 16:00
Subject: CN=VeriSign Class 3 Code Signing 2009 CA
1f:c8:63:0a:ca:74:d4:e2:24:29:7d:72:67:c1:23:93:08:a8:ad:83
Signer
Actual PE Digest: 1f:c8:63:0a:ca:74:d4:e2:24:29:7d:72:67:c1:23:93:08:a8:ad:83
Digest Algorithm: sha1
PE Digest Matches: true
Signature Validations
Trusted: false
Verification
Signing Certificate: CN=Games Software Helper Tools
17-11-2022 13:13 Valid: false
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 208KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 125KB - Virtual size: 128KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE