Static task
static1
Behavioral task
behavioral1
Sample
Qfegtu.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
Qfegtu.exe
Resource
win10v2004-20231023-en
General
-
Target
hareketleriniz .pdf.gz
-
Size
73KB
-
MD5
9c20dfac1e8190c1a73f507b7fc1b0bc
-
SHA1
431d76808d911da257bbb6be05bedf544cbe9d89
-
SHA256
dd2d8ca6602bafc8c7717f66402fa24743a7b9144d349598c7aa412ce33365d3
-
SHA512
2a5c5bda5e02ab3a453487555a79c529e82b6af0fb9251d8e309d142742b05905458dd4e6985d2d421b44c8d7e910d1c983fff8fa1464e70a9417b7216e860c0
-
SSDEEP
1536:ga/xYWbHs0yEA5pox7r10NCwo4LHQx4K1/v3t3/f:gwxOjEAzox7e7hJK1Hx/f
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/Qfegtu.exe
Files
-
hareketleriniz .pdf.gz.zip
-
Qfegtu.exe.exe windows:4 windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 167KB - Virtual size: 167KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 26KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ