Static task: static1
Behavioral task: behavioral1
  Sample: 1a3258a176158d5d1d95b6f684dafb9e.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 1a3258a176158d5d1d95b6f684dafb9e.exe
  Resource: win10v2004-20231215-en
General
Target: 1a3258a176158d5d1d95b6f684dafb9e
Size: 13KB
MD5: 1a3258a176158d5d1d95b6f684dafb9e
SHA1: e8d4f2edc2a3ffed632605f8c86c40e5d887c348
SHA256: def44d5feb1289dca228c730bbb92c7c8448f1bd88c04bf09c13b278b5fdce42
SHA512: 5bb512a0885a566c6afda3f89e0761aa232d35644d3625b51c577e2483f6d501d52262287105bd072f79b8d6e4df957fab6fc762fa4e8e90903a654c42111b94
SSDEEP: 192:Jt1wOuS5fb04qFbi0n76zvUaTn9z3SI7VWEB/MO3cflUJkq8lY:JkOuUw+076rf9z3n7sEVMcklUr8l
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1a3258a176158d5d1d95b6f684dafb9e
Files
1a3258a176158d5d1d95b6f684dafb9e.exe windows:4 windows x86 arch:x86
119ba01abad812c4a461368344bcd6cd
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ExitProcess
GetModuleHandleA
GetProcAddress
LoadLibraryA
RtlZeroMemory
VirtualAlloc
VirtualFree
VirtualProtect
Sections
.pepsi Size: 7KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
n-coded Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vrs Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE