Behavioral task
behavioral1
Sample
XDeskShow2_2010b7.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
XDeskShow2_2010b7.exe
Resource
win10v2004-20231222-en
Behavioral task
behavioral3
Sample
新云软件.url
Resource
win7-20231215-en
Behavioral task
behavioral4
Sample
新云软件.url
Resource
win10v2004-20231222-en
General
-
Target
05209697c1e25e90125acedc613e6dc8
-
Size
10.1MB
-
MD5
05209697c1e25e90125acedc613e6dc8
-
SHA1
9223f07a6cfc0f86ae78d469928d2e326a697776
-
SHA256
dbd094bbe2334b2ae65ca25e1953b8cc5a600d41d02c8e525340cc58b4114764
-
SHA512
6501ea75baf188c9ec0bb7c15707b8bbb7dc81f603de1f66574c2f12d15d26ec6766d3bc240ff0c4c694fdeb5a07c80b58cce1af812d4f0b60934b88305a8fc6
-
SSDEEP
196608:n1ABDNXQsQUGsE6N/EKWSLFKZHHRXTQg83nDJoEwE/9Y+Cu77io9pNpWsDR+x4zm:1ARVQDNXmfWOoxDQg8X2bE/9Y+57RNpC
Malware Config
Signatures
-
resource yara_rule static1/unpack001/XDeskShow2_2010b7.exe upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/XDeskShow2_2010b7.exe
Files
-
05209697c1e25e90125acedc613e6dc8.rar
-
XDeskShow2_2010b7.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 640KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 20KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
新云软件.url.url