Static task: static1
Behavioral task: behavioral1
  Sample: 41d2f1c62ff12739256123b0174e369c.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 41d2f1c62ff12739256123b0174e369c.exe
  Resource: win10v2004-20231215-en
General
Target: 41d2f1c62ff12739256123b0174e369c
Size: 381KB
MD5: 41d2f1c62ff12739256123b0174e369c
SHA1: fb16186c8032c7e97ba64a052af8c71bd4e379cb
SHA256: aa4383af8e035d0f96129cff4a2b066408ab59adce2f8c088eda69d447b02e2a
SHA512: bdba75e31b4b9c534c4136f2fbbacc8a4380b15aecf7943c000d1fe00e6fbf8c7556e240601d67e534ce98817f4634d09f4204be41fdd4591d7e5db1616d3885
SSDEEP: 6144:Hr/H/wxDUbNH9mPDQHE5rBOI1WpUlca888nkglhhdhteiVur/nVEfaZqa4:Hr/H/WkHSQk5FOI2kgRBeiS/EM4
Malware Config
Signatures
Contains code to disable Windows Defender (1 IoC)
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
  resource: sample, yara_rule: disable_win_def
Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource: 41d2f1c62ff12739256123b0174e369c
Files
41d2f1c62ff12739256123b0174e369c.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
  DLL Characteristics
    IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
    IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
    IMAGE_DLLCHARACTERISTICS_NX_COMPAT
    IMAGE_DLLCHARACTERISTICS_NO_SEH
    IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
  File Characteristics
    IMAGE_FILE_EXECUTABLE_IMAGE
    IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
  mscoree
    _CorExeMain
Sections
  .text Size: 375KB - Virtual size: 375KB
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
  .rsrc Size: 4KB - Virtual size: 4KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
  .reloc Size: 512B - Virtual size: 12B
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_DISCARDABLE
    IMAGE_SCN_MEM_READ