Static task
static1
Behavioral task
behavioral1
Sample
ff6906393f892736432d9766c5d503855ea909e8165244e641aa986d61737651.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
ff6906393f892736432d9766c5d503855ea909e8165244e641aa986d61737651.exe
Resource
win10v2004-20231215-en
General
Target: 0390281aa6bea2fccb424eec15cc7e78.bin
Size: 444KB
MD5: dc362a2b66f36afd2fbfc1aff11c1e72
SHA1: e6732bf1f37c4bd7729cf483f19e2bbee2439654
SHA256: 67051497fd97c6af464c672d930bc0e03f49fec42759bd94e1d5b7c3cf34e7bb
SHA512: 4ff546dadc0f91816374e6ed5c9faa117b7e17dd9b5c48b305eb982d65aaf43be197aa1d8796f6c77413c4abd2e800695e6e076ef58b338f0627fbfe0e80066d
SSDEEP: 12288:phJ2CUToWJFHYAD5th2hE86FnPcLozyA5mfM2:ph7NWD5tI6FSozkM2
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/ff6906393f892736432d9766c5d503855ea909e8165244e641aa986d61737651.exe
Files
-
0390281aa6bea2fccb424eec15cc7e78.bin.zip
Password: infected
-
ff6906393f892736432d9766c5d503855ea909e8165244e641aa986d61737651.exe.exe windows:4 windows x86 arch:x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 765KB - Virtual size: 764KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ