Behavioral task
behavioral1
Sample
新云软件.url
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
新云软件.url
Resource
win10v2004-20231215-en
Behavioral task
behavioral3
Sample
黑营随机码生成器 V2.5.exe
Resource
win7-20231215-en
Behavioral task
behavioral4
Sample
黑营随机码生成器 V2.5.exe
Resource
win10v2004-20231215-en
General
-
Target
0cc0d157e8342c30aa7d2079fee45ebe
-
Size
365KB
-
MD5
0cc0d157e8342c30aa7d2079fee45ebe
-
SHA1
3afc1cc613510ceebf032cbad896d8e99065d64d
-
SHA256
cef2ce81bc9afe843a7886dea06166f9032dbcac35946f9f88cd46d75d255b20
-
SHA512
f2b1b79b4457b584631a89f843c1348e7f961d58946d6907333ba318979ee256095e8c4fb6c153fd9ea324da8bfc6a24f4c3967a9b7e080d393cc27d3f0db864
-
SSDEEP
6144:X6LhfzfVL5SW5aMFf7VnQwRjGcoKvOwbLoA0E2HkW6mgWhCSwntH3u6ZH7:qLpzJsyRFTKwIyoo2ZgW4SwVfH7
Malware Config
Signatures
-
resource yara_rule static1/unpack001/黑营随机码生成器 V2.5.exe upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/黑营随机码生成器 V2.5.exe
Files
-
0cc0d157e8342c30aa7d2079fee45ebe.rar
-
新云软件.url.url
-
黑营随机码生成器 V2.5.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
UPX0 Size: - Virtual size: 756KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 358KB - Virtual size: 360KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 17KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE