Static task: static1
Behavioral task: behavioral1
Sample: Nghgisxtb.exe
Resource: win7-20231023-en
Behavioral task: behavioral2
Sample: Nghgisxtb.exe
Resource: win10v2004-20231201-en
General
Target: Nghgisxtb.exe
Size: 407KB
MD5: 913aa7a8d382f9195e8057f5592e47a9
SHA1: 538ea79a057fb8c0bd4f02c697fbefcffef87947
SHA256: 8879bff7f26b389b8d375928fc6095a3847f8602e00822e3f2f67705e2d85cc0
SHA512: ef731541817fac134955e1e5bd632d78e5ac6b3aa9b148b4a5fb6f1acbda91c397a6f21665d91313a9d41ad2973ac0bd26f6784885f061d30d5e139503eb0ba6
SSDEEP: 12288:vTz+p0qIUakJE3iQ6ZeJfTSK7An9/dhiWSI:vTz+p0qIUakJKixZeZ8/dlS
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource Nghgisxtb.exe
Files
Nghgisxtb.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
  IMAGE_DLLCHARACTERISTICS_NX_COMPAT
  IMAGE_DLLCHARACTERISTICS_NO_SEH
  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_32BIT_MACHINE
Imports
  mscoree
    _CorExeMain
Sections
  .text Size: 404KB - Virtual size: 404KB
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
  .rsrc Size: 1KB - Virtual size: 1KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
  .reloc Size: 512B - Virtual size: 12B
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_DISCARDABLE
    IMAGE_SCN_MEM_READ