Static task
static1
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
tmp.exe
Resource
win10v2004-20230220-en
General
-
Target
tmp
-
Size
898KB
-
MD5
33108fe9d2b46a295190763ebb4083f7
-
SHA1
28926c7fd4b1271230a0cfcf2d193ef7cd08e17d
-
SHA256
99e559cde8a3871a1c1d045ff0f141d01aeff386c2798c127fdacdff6b193f17
-
SHA512
005060e50f1ddc3d721981fe433bd1a6ab9c4b57b965aa83aeab590220bd2a06aa93df25a59d5ed31e3947d85903c4910092632d27e79ad489d9af36d073458f
-
SSDEEP
12288:1epHyX2+Q6gmk12kka/ZzT9+CnHYNTQErfawt5IPzKi0:1epJHDskkKpT9hGZrfHtUzK
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource tmp
Files
-
tmp.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 829KB - Virtual size: 829KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ