Main
ShellCode
field | value |
---|---|
Behavioral task | behavioral1 |
Sample | pcap2.dll |
Resource | win7-20230220-en |
Target | pcap2.bin |
Size | 1.1MB |
MD5 | 4fbb077017ae0c8294e49c87019e10ac |
SHA1 | e0ff11e7cad909ff13c00177d4fd1b9e6f11d6e0 |
SHA256 | e8b009c3ff4d8342070c5c394a00d0a8c343936b11c7c1329e68302eddc909f8 |
SHA512 | 2dc8162886f8860d6badfee4e916954ad4151b7576e733342a1722fc910bc7140205b8c36aba2f670d066e63d3217fa53ffea0a527182dba2ba17ee9ddd353ce |
SSDEEP | 24576:ounsIn7Rac+I8Sijva1BsSx65M5WbUg/n3MtRldzFRgE:t/zRgE |
resource | yara_rule |
---|---|
sample | family_gh0strat |
Checks for missing Authenticode signature.
resource |
---|
pcap2.bin |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Main
ShellCode
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ