Behavioral task
behavioral1
Sample
4065b126e2bab0d42bc96688134c686d610a6bdf3eebeef8659420704f650987.exe
Resource
win7-20230220-en
General
-
Target
1695bb54d473710584deaea09824453d.bin
-
Size
731KB
-
MD5
8d577aea7d956ef18e46fa9bf492eed8
-
SHA1
5d690be9ded1ee5d9a68c5d47dc2f12affe4883a
-
SHA256
f0d593b714eb6eb4dc95defbfee61d2fd6a165b1e9c30fb6e36ea9380e164686
-
SHA512
1cdfd9f055ed6a9333ec474267add7b18f781903e4c8171f2da243be1ca9104e8be64ea95ff12b879d078009694089f3ffa74a0b689c0ca56043b1e90fd3382f
-
SSDEEP
12288:TjWPs8iUMevrE9+w0wAva3VOl8XShkWLAsgLD1nf1Lf7CPmziD63PU88vLVvvWzt:NaHvA1VYuXXSHxwnfBfVEh3Bn04dsn
Malware Config
Signatures
-
Processes:
resource yara_rule static1/unpack001/4065b126e2bab0d42bc96688134c686d610a6bdf3eebeef8659420704f650987.exe vmprotect
Files
-
1695bb54d473710584deaea09824453d.bin.zip
Password: infected
-
4065b126e2bab0d42bc96688134c686d610a6bdf3eebeef8659420704f650987.exe.exe windows x86
Password: infected
c3d7a1b36acac9169aff477ba8424f6f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetVersionExA
GetVersion
EnumResourceNamesA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess
user32
MessageBoxW
Sections
.text Size: - Virtual size: 52KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 374KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 639KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp1 Size: 732KB - Virtual size: 731KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ