Static task: static1
Behavioral task: behavioral1
Sample: gu.exe
Resource: win7-20230220-en
General
Target: gu.exe
Size: 501KB
MD5: 4838cffb6abbb084c90d6148c8af4150
SHA1: 3b468222f1b323c944f14ec5e6d9e88cf99e43b0
SHA256: 454aeeebb31b396580032ea5484a998de90f0e8acc5bac19f2cdc66150cfff62
SHA512: cd9770457c90ff8e6c0f69fdcbee987058182ae53ab40b718ab450953abcf631a7e54a35b140f743d8384063b8f5499ddf1fdb79055f14a3e5232f7cc6f3c99c
SSDEEP: 12288:qYMo1y/Os3kV5Jwrg1fgve6QXv9dntE7F/:qYMo1y/OsC5C2fgve6QXv9jEh/
Malware Config
Signatures
Nirsoft 1 IoCs
Processes:
resource: sample; yara_rule: Nirsoft
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource: gu.exe
Files
gu.exe.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 496KB - Virtual size: 496KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 512B - Virtual size: 177B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ