Behavioral task
behavioral1
Sample
1ed33d760f151b33b3d20bf9e6d0b722fe39cbd302ecebb5c6e3d0ee09e4ee05.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
1ed33d760f151b33b3d20bf9e6d0b722fe39cbd302ecebb5c6e3d0ee09e4ee05.exe
Resource
win10v2004-20230703-en
General
-
Target
6659f84db9582049c250a8343dbf9168.bin
-
Size
2.8MB
-
MD5
881f48f3f2c607d90bbff8982e1cff1f
-
SHA1
9124e709a2c43a23e5b22e28034e8e6936556f45
-
SHA256
28d9b2c50d309ba7c95fb614941744bd8caf13be874117552e443997fd44b339
-
SHA512
65f53ed07b141feab1278fef3bf53c217576f41a47fa8e9b0a05e4067a1c707fb4dbdf0220d896cddb5cd4495dc8d37ad0efc7fb36f408284969dd837e8a18a3
-
SSDEEP
49152:CmCkYGdKorgUT16P/RS5U3e1ho37R36L/pgSaQGzwekAzZgZa/rBIKIveYBPC:6kYGdKyxsP137RKLBeQG8eFRtIKIvfBq
Malware Config
Signatures
-
resource yara_rule static1/unpack001/1ed33d760f151b33b3d20bf9e6d0b722fe39cbd302ecebb5c6e3d0ee09e4ee05.exe themida
Files
-
6659f84db9582049c250a8343dbf9168.bin.zip
Password: infected
-
1ed33d760f151b33b3d20bf9e6d0b722fe39cbd302ecebb5c6e3d0ee09e4ee05.exe.exe windows x86
Password: infected
Code Sign
19:c7:e0:9e:14:25:d8:b8:48:5d:a7:43:8f:fd:57:0cCertificate
IssuerCN=Hewlett-Packard CompanyNot Before16-07-2023 17:53Not After17-07-2033 17:53SubjectCN=Hewlett-Packard Company39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate
IssuerCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before03-05-2023 00:00Not After02-08-2034 23:59SubjectCN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02-05-2019 00:00Not After18-01-2038 23:59SubjectCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
92:68:64:ef:5b:43:cf:1b:bc:9f:0f:3f:b3:cb:8d:f7:89:76:a9:6a:f4:56:ac:e8:75:9a:21:7f:69:3c:01:d7Signer
Actual PE Digest92:68:64:ef:5b:43:cf:1b:bc:9f:0f:3f:b3:cb:8d:f7:89:76:a9:6a:f4:56:ac:e8:75:9a:21:7f:69:3c:01:d7Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 350KB - Virtual size: 448KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 29KB - Virtual size: 71KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.idata Size: 512B - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 71KB - Virtual size: 71KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: - Virtual size: 3.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 2.4MB - Virtual size: 2.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ