Static task: static1
Behavioral task: behavioral1
Sample: 6e3cf5c7cccc4369fbed86c4de5bb59d7bb40c1ced10cab8b0bc733299d45ea1.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 6e3cf5c7cccc4369fbed86c4de5bb59d7bb40c1ced10cab8b0bc733299d45ea1.exe
Resource: win10v2004-20230220-en
General
Target: d1bfe5dced7785f6ed04ecea70874680.bin
Size: 1.0MB
MD5: 2d3f929340667659c2ab820b100855f3
SHA1: 6488efcce1725cb246bb3e7740a25062c69ab1cf
SHA256: fc951d317207c3645bd31be1b7fa508fc95d878c2de11a51a864d885dcec6ea2
SHA512: 9a6e0f477c88b83dbabf59d2e638b22c01f1c5762395f5bee9686c2e6e3ccad886aeb935aac0e7437af3f56e5862ea4d34db07f3999c24d2e667c07c71ac9da2
SSDEEP: 24576:sq2jzPH+K2ZorKFRdbXWTr1IBikDRPaKG6bsdccZ7LimDBdXXrZwjr5lHU5:sqarH+3ormRpXWv1IsIRPZG6b07Ww7rl
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/6e3cf5c7cccc4369fbed86c4de5bb59d7bb40c1ced10cab8b0bc733299d45ea1.exe
Files
d1bfe5dced7785f6ed04ecea70874680.bin.zip
Password: infected
6e3cf5c7cccc4369fbed86c4de5bb59d7bb40c1ced10cab8b0bc733299d45ea1.exe.exe windows x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ