Static task
static1
Behavioral task
behavioral1
Sample
d896a70344f563564b69b669e778f5508dffe0f7f2f407095286a408d2cc7203.exe
Resource
win7-20230220-en
General
-
Target
01a970df802dc1f758765d3f84007876.bin
-
Size
1.9MB
-
MD5
e8c2f5b203638f92ba55e4acfa6b46f8
-
SHA1
c302264fa1edbf04b95e79884eb3031a60f08c02
-
SHA256
d4f822a9f1975d158105be3f8c8998486b08fe3521842414498456a0f6abdfba
-
SHA512
312c85eba52c8778a1e45a44463fd6c27eb61d25192e07583e902af224ab5c2fffc96da78436a5385689d6cdd557b3d0da81331cb084affc795802f795cdba26
-
SSDEEP
49152:tUbNgXYipHFjoRilP/WtumfFPefmT6GgBQ:2C3HFjoRk3reGfCR
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/d896a70344f563564b69b669e778f5508dffe0f7f2f407095286a408d2cc7203.exe
Files
-
01a970df802dc1f758765d3f84007876.bin.zip
Password: infected
-
d896a70344f563564b69b669e778f5508dffe0f7f2f407095286a408d2cc7203.exe.exe windows x86
Password: infected
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
CODE Size: 35KB - Virtual size: 35KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 1024B - Virtual size: 584B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 3KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 8B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ