Behavioral task
behavioral1
Sample
innoi-tr.exe
Resource
win7-20230220-en
General
-
Target
innoi-tr.zip
-
Size
3.5MB
-
MD5
a832e10f78fa004d322eab8dd977445d
-
SHA1
5d80174642433de36db1bbefbb53b9df534dbb2d
-
SHA256
77ddc1e2673514ae550bb93a8b347dbbd551f714f12d6c48eb0fda03110da748
-
SHA512
ce941fe6c68b91befc97f45b9856257110cdb684e8c9fa2b92ba8a0e0ac0f28958499eb18f77cb9e674675df4bffd21508b8b723a799876185df9f3c64e1d9a1
-
SSDEEP
98304:zioADZbtXZHH8ddpbRBWf58CS0EsVZWjrZPK:f+tXaRBWf5HYsnoZPK
Malware Config
Signatures
-
Processes:
resource yara_rule static1/unpack001/innoi-tr.exe themida -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/innoi-tr.exe
Files
-
innoi-tr.zip.zip
Password: infected
-
innoi-tr.exe.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 48KB - Virtual size: 152KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 580B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.idata Size: 512B - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.themida Size: - Virtual size: 6.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 3.5MB - Virtual size: 3.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ