Static task: static1
Behavioral task: behavioral1
Sample: efbe462f4a296b1339e67659670384617fd29e48c998db6cab6ffc601a0d1f19.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: efbe462f4a296b1339e67659670384617fd29e48c998db6cab6ffc601a0d1f19.exe
Resource: win10v2004-20230220-en
General
Target: 287b678f74eae9dacfc22cf4928227cc.bin
Size: 1.3MB
MD5: fc885c7aef8a32b28ba3396becab1f79
SHA1: a68cefd055099fc0db8d3c7654c16725b2fd4e8b
SHA256: 0ab7a336a35fc4e3472968e07b1b4c43254585d6879cbe9e1ea9323b96c1f074
SHA512: c8e7e38e861cc97f702328be13b9aed789140de14b86c857045a9e5607b66eb245e51297e2fb5b4d83afb16e0c53ae332c35f9758b339edcac9caafb5874f36a
SSDEEP: 24576:EZx5Y6tXucdiJsGz9V2MSqJWoPe8ICTw2C2XQHqx8441VGx:q7XBiJrz9V2cwrrPeQHqx844rGx
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/efbe462f4a296b1339e67659670384617fd29e48c998db6cab6ffc601a0d1f19.exe
Files
-
287b678f74eae9dacfc22cf4928227cc.bin.zip
Password: infected
-
efbe462f4a296b1339e67659670384617fd29e48c998db6cab6ffc601a0d1f19.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 2.4MB - Virtual size: 2.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ