Static task
static1
Behavioral task
behavioral1
Sample
dddaf7dfb95c12acaae7de2673becf94fb9cfa7c2d83413db1ab52a5d9108b79.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
dddaf7dfb95c12acaae7de2673becf94fb9cfa7c2d83413db1ab52a5d9108b79.exe
Resource
win10v2004-20230220-en
General
Target: 29531f95f2ffc356c67975a60effa857.bin
Size: 535KB
MD5: e04d8ecce1f8c5d2d95ca1202bc88dd5
SHA1: b7c8f27dc199baeab938ef3cb15a3305a118e993
SHA256: c36ab8f352d8899ab3c260a96ca7ae0d4b48f78156b1f3f9e9a28493d0d5303c
SHA512: df11150b162959bf1c098b56954186cc3d62f67b622a3e22fa4fb05f346c3b6a7657b01b6dc6856094902aaa5c5ef86d2f1531ac63c2adc95f7d093d658d58c0
SSDEEP: 12288:JWgctu/lpfbVy6QJ9njzR91jvCn5AsUvUtzHSbi314kCx1HuiQ:JWgn/llRCJ9jzLwudvUebi314RIiQ
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/dddaf7dfb95c12acaae7de2673becf94fb9cfa7c2d83413db1ab52a5d9108b79.exe
Files
-
29531f95f2ffc356c67975a60effa857.bin.zip
Password: infected
-
dddaf7dfb95c12acaae7de2673becf94fb9cfa7c2d83413db1ab52a5d9108b79.exe.exe windows x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 629KB - Virtual size: 629KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ