Behavioral task: behavioral1
Sample: f9bd288f02c11c5475fb8365092eaa1ee7bfcb0a8bac0dbc88e4bbf35aa3751a.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: f9bd288f02c11c5475fb8365092eaa1ee7bfcb0a8bac0dbc88e4bbf35aa3751a.exe
Resource: win10v2004-20231215-en
General
Target: f9bd288f02c11c5475fb8365092eaa1ee7bfcb0a8bac0dbc88e4bbf35aa3751a.exe.zip
Size: 13.2MB
MD5: 0b5f0fbbb0605f2fa24c1ea66dba4471
SHA1: 0e58015522ecfdc696d15493b90c1bd75fa95903
SHA256: 9a5d402620aa8a81edafab0f429c8bfc54eb6434647826e77abd65856e623bcc
SHA512: f87b956f517c0b28c39fa88778a8f0956470e359393c38e6c89734dd1b50dd90e091d5423945bd1fd6fbcc55261394b899accbbd41e3ab93c3d7daeb9635220e
SSDEEP: 393216:/sOEGV95WKLsKrwc+45izVb2KrPLaEYai37Zj0w:293GABb2wPLsaiFj0w
Malware Config
Signatures
resource: static1/unpack001/f9bd288f02c11c5475fb8365092eaa1ee7bfcb0a8bac0dbc88e4bbf35aa3751a.exe
yara_rule: upx
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: unpack001/f9bd288f02c11c5475fb8365092eaa1ee7bfcb0a8bac0dbc88e4bbf35aa3751a.exe
Files
f9bd288f02c11c5475fb8365092eaa1ee7bfcb0a8bac0dbc88e4bbf35aa3751a.exe.zip.zip
Password: infected
f9bd288f02c11c5475fb8365092eaa1ee7bfcb0a8bac0dbc88e4bbf35aa3751a.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
UPX0 Size: - Virtual size: 43.2MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 13.3MB - Virtual size: 13.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 473KB - Virtual size: 476KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE