Behavioral task
behavioral1
Sample
049a0dd7e1e97a80874e72e20090f8f6.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
049a0dd7e1e97a80874e72e20090f8f6.exe
Resource
win10v2004-20231215-en
General
Target
049a0dd7e1e97a80874e72e20090f8f6
Size
94KB
MD5
049a0dd7e1e97a80874e72e20090f8f6
SHA1
f5c1a829ade11f5076f6e79db856eb22557413e3
SHA256
374f8b75ff7e58a404b138d947fe767e2e82b3d83255e83de5a54d0795498a62
SHA512
50a5547570f1bf43fb42ef987261d1049f5fb2d1a2cf21852cf5fbdf2f8a03c9e943b4445a8059e2d79cbd0c447ccfe89e3fb9e8d42c527dbbd344d722c7bd44
SSDEEP
1536:omHnlXAwwoQJVX85X96kuN71XNv34GanlagvHdpkeaEIid7ou2Z0Dih:omHnlXU5VXSSNXL6laS957ouq0D
Malware Config
Extracted
arkei
Default
193.232.86.47/EXeQRD0Ovd.php
Signatures
Arkei family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 049a0dd7e1e97a80874e72e20090f8f6
Files
049a0dd7e1e97a80874e72e20090f8f6.exe windows:5 windows x86 arch:x86
7a3cd68b30647aa7842f81d47c8efa54
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
strncpy
_putenv
rand
srand
getenv
_mbsicmp
strstr
strtok
memcpy
memset
kernel32
LocalAlloc
Sections
.text Size: 72KB - Virtual size: 71KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 21KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE