Static task: static1
Behavioral task: behavioral1
Sample: ca.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: ca.exe
Resource: win10v2004-20230915-en
General
Target: ca.exe
Size: 15.5MB
MD5: 8304e472109d484d1f05f63065dfa9e3
SHA1: f6a74140875b1bcd07deec5901d45c19899719bd
SHA256: ca2d6d25c24192283a3cd41efb34a4b04a7e69352d98538bb0bb92ba13fe3f4e
SHA512: 50b9831f309421c6df0c73f3682a65f91e05be97a82e0ef5591b34a734559fcfccc1dfbcd2c4f09ee7c36417fc613f927e8c4a2eefa54b37c649dc053d386bd6
SSDEEP: 393216:a285Q/0OIPvdZvYF/bd7KRyisf/9WptFDBE9zkBxPdnGRu:aV5Q8O0vYhd7KRd+/kptdBE9zkB2u
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ca.exe
Files
ca.exe.exe windows:4 windows x86
a9c887a4f18a3fede2cc29ceea138ed3
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
msvcrt
malloc
memset
strcmp
strcpy
getenv
sprintf
fopen
fwrite
fclose
__argc
__argv
_environ
_XcptFilter
__set_app_type
_controlfp
__getmainargs
exit
shell32
ShellExecuteA
kernel32
SetUnhandledExceptionFilter
Sections
.text Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 15.4MB - Virtual size: 15.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 67KB - Virtual size: 66KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ