Static task: static1
Behavioral task: behavioral1
Sample: EXPENSIVE LOADER.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: EXPENSIVE LOADER.exe
Resource: win10-20230915-en
General
Target: EXPENSIVE LOADER.bin.zip
Size: 1.2MB
MD5: 96d0eff4d80dd6843d410f4f4f5e4c81
SHA1: b273d5d1fc95d304a3a31b60c7f0798300ed3e3e
SHA256: d3e832fc80acdc65b025a2f2ddf27f9b6ee273434a9f57df9a5afe977dfdcac3
SHA512: 494459f61db0c1235b4e1eb25597371816814c331559f6de7d32c08cc3e1cfed2d19d599d2a2e20810b65b3c199cc8135f286cc5b64ed911dce3637e08fdc152
SSDEEP: 24576:CgkZdN5CI6nBbM7LEMkMWh3q3V4yRi8wu6svT2STPjJx4vpv4:C1v6nBbM7rkvSRxVvTpXzz
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/EXPENSIVE LOADER.bin
Files
EXPENSIVE LOADER.bin.zip.zip
Password: infected
EXPENSIVE LOADER.bin.exe windows x86
Password: infected
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
Size: 110KB - Virtual size: 272KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: - Virtual size: 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 512B - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 68KB - Virtual size: 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 202KB - Virtual size: 2.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
da2a Size: 951KB - Virtual size: 952KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE