Static task
static1
Behavioral task
behavioral1
Sample
gpiQaD7JJyHJILw.exe
Resource
win7-20230220-en
General
-
Target
5361c749c00af33849c9807d67e91083.bin
-
Size
521KB
-
MD5
f1f39c43cf6050c3fa5128ca6c88d526
-
SHA1
b37839b9ad66a73b5d648b73970125144b04df8a
-
SHA256
95cd926aeb70bdf2788e5785ec0fb7835ab4b2625fe61999f49a19ac67a90527
-
SHA512
478f2f594ef704cead31c9361f2ff00cb55931df36c3f58c31170f165ff3da4ce5c3a455c60418548f258a850ed165473de25b2d90381d96e5a5c3de270b2240
-
SSDEEP
12288:S/P5/oUU8wc9IwlyZGY6c3BGMOMHIsk1RAwq2UiZDPAte4B1Ae:+h/ogwc9Hl2G/OBNHRURAwqFiBPP5e
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack002/gpiQaD7JJyHJILw.exe
Files
-
5361c749c00af33849c9807d67e91083.bin.zip
Password: infected
-
e96272b73c791ba1159f7752818277eef009b0eb5945bf8405536b4ee399042b.rar.rar
Password: infected
-
gpiQaD7JJyHJILw.exe.exe windows x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 627KB - Virtual size: 626KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ