Behavioral task
behavioral1
Sample
4fd0c9d8fafa4d4f81d0d70ca966e7921c4736c4dfef9051af3fc1ccf20f3966.exe
Resource
win7-20230220-en
General
-
Target
09e5c6db3ddafacd61fd8231a55b08ad.bin
-
Size
3.1MB
-
MD5
aab820e9687192e1939e738883c5e67e
-
SHA1
ca3e18e43db65e840ccbd495b6b461728dc140b3
-
SHA256
a3cb429152bf36be0db416b6a4271fd47cbe5260d77a927ca70e4bd75e115cfe
-
SHA512
ab12e385b6a12258e86c58a5fd3a4b97eae9a091f0c4565ac48321b1163ae687085542efdaf350b10a5883cb1796e5322904c331a920d5f9535df88c27c5eb7c
-
SSDEEP
49152:TtsUbklKeN9sPUU9btXLAReUdoRBqDsI9ASTYYizsIcwbeaGt/8f67xAY+1NQHfH:jbPeN9stAReUeoD6STAl7aakkf6WfQn/
Malware Config
Signatures
-
Processes:
resource yara_rule static1/unpack001/4fd0c9d8fafa4d4f81d0d70ca966e7921c4736c4dfef9051af3fc1ccf20f3966.exe vmprotect
Files
-
09e5c6db3ddafacd61fd8231a55b08ad.bin.zip
Password: infected
-
4fd0c9d8fafa4d4f81d0d70ca966e7921c4736c4dfef9051af3fc1ccf20f3966.exe.exe windows x86
Password: infected
00de631d57481fec13b7898c99324f13
Code Sign
44:82:6c:5f:ab:41:18:9f:4e:57:f3:0e:bc:c8:17:b2Certificate
IssuerCN=Acer Lite Ultra AN517-57 [AN527-75-77M3]Not Before12-03-2023 18:13Not After13-03-2033 18:13SubjectCN=Acer Lite Ultra AN517-57 [AN527-75-77M3]90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate
IssuerCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before11-05-2022 00:00Not After10-08-2033 23:59SubjectCN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02-05-2019 00:00Not After18-01-2038 23:59SubjectCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:e6:38:78:fc:06:49:50:87:c6:09:3a:06:54:ab:73:b4:9d:c8:56:03:44:22:93:ae:39:f1:f2:d7:94:c0:d7Signer
Actual PE Digest33:e6:38:78:fc:06:49:50:87:c6:09:3a:06:54:ab:73:b4:9d:c8:56:03:44:22:93:ae:39:f1:f2:d7:94:c0:d7Digest Algorithmsha256PE Digest MatchesfalseSignature Validations
TrustedfalseVerification
Signing CertificateCN=Acer Lite Ultra AN517-57 [AN527-75-77M3]27-03-2023 18:21 Valid: false
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LocalSize
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress
gdi32
GetDeviceCaps
ole32
CoInitialize
user32
GetProcessWindowStation
GetUserObjectInformationW
Sections
.text Size: - Virtual size: 97KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 3.2MB - Virtual size: 3.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 184KB - Virtual size: 339KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ