Behavioral task
behavioral1
Sample
NEAS.1cda4f8e37fdb18c80fcd172695abe00.exe
Resource
win7-20231020-en
General
-
Target
NEAS.1cda4f8e37fdb18c80fcd172695abe00.exe
-
Size
40KB
-
MD5
1cda4f8e37fdb18c80fcd172695abe00
-
SHA1
cf3f8ba744c9440f65bdc4aa1e5c18351fdb99a9
-
SHA256
99dec7f15c42e3a4eba016c7aeef0d445fd51b846c44605410cbfbf6ab9f797d
-
SHA512
367ccad1491d325f4865428abff92ce192f13b7be9625f2742796fdd61b13aae9cfa154811ca344599810c89ecdb236f2e7927592dc2e8a9a363fefe2c978319
-
SSDEEP
768:q29Pf5I14hyYtoVxYG9mHfCBJTAIO3Ot:F7thyYtkYX/CPnO3
Malware Config
Signatures
-
Sakula family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource NEAS.1cda4f8e37fdb18c80fcd172695abe00.exe
Files
-
NEAS.1cda4f8e37fdb18c80fcd172695abe00.exe.exe windows:4 windows x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Sections
code Size: 27KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 7KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE