Behavioral task: behavioral1
Sample: ca85bb321f5f8ff49660826effc53a02.exe
Resource: win7-20231215-en
General
Target: ca85bb321f5f8ff49660826effc53a02
Size: 93KB
MD5: ca85bb321f5f8ff49660826effc53a02
SHA1: 56569ea78b464fd3b81c90c7e578e3b60c502c58
SHA256: 8cdba653a610425107a972ed3fe5af05ab30287a3242ca8eb5351c23cf8265e5
SHA512: a2cc80187d8cb157218b768daffb1ce99c1dd9e0fec086710a9226a4876d69a9cd0f35af1664ce9062cc498245f23dbd43a9aa27dd1a73879d95c94c2c447a52
SSDEEP: 1536:gWTHVn5wa8TXvqHp6kzWgDaO3C54Gf3lagvHkMTafiyVDr1lVUd3jy0:gWTHVn8TXvc4O3CFvlaSED1Poj/
Malware Config
Signatures
Arkei family
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource: ca85bb321f5f8ff49660826effc53a02
Files
ca85bb321f5f8ff49660826effc53a02.exe windows:5 windows x86 arch:x86
4c665f81387442ad965e3f4eba69f083
Headers
DLL Characteristics
  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
  IMAGE_DLLCHARACTERISTICS_NX_COMPAT
  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
  IMAGE_FILE_RELOCS_STRIPPED
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
  strstr
  strncpy
  getenv
  rand
  srand
  _mbsicmp
  _putenv
  strtok
  memcpy
  memset
Sections
.text Size: 69KB - Virtual size: 69KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata Size: 15KB - Virtual size: 15KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 5KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.reloc Size: 6KB - Virtual size: 6KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_READ
LLCPPC Size: 512B - Virtual size: 352B
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE