Static task
static1
General
-
Target
g0403969.exe
-
Size
11KB
-
MD5
3cb1768049acea810f774e5322411bc2
-
SHA1
e04d19f0127e366611919b226a2e34b7b655299c
-
SHA256
df99b1482b471387ab39fd89a701dd9a7027d1ca8e6970b7e46329d257df369a
-
SHA512
caf238337af1288f8fbf76ba8fa9dfe788828cf1a1185355cdfb7c890fd28be00b02ab923b1d294a8aac3a08ec615d8e9e2e87f44ef6c651d7cd7ea151f6cb76
-
SSDEEP
96:yA/vMth9sDLibql3A44P9QL4fwmPImg+A03PvXLOzk+gqWYV4J6oP/zNt:yw+wGWt94+iANiCkc4Jhp
Malware Config
Signatures
-
Detects Healer an antivirus disabler dropper 1 IoCs
resource yara_rule sample healer -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource g0403969.exe
Files
-
g0403969.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ