Behavioral task: behavioral1
Sample: 43ecfbab9d337e135e5178560dcd6b09.exe
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: 43ecfbab9d337e135e5178560dcd6b09.exe
Resource: win10v2004-20231215-en

General
Target: 43ecfbab9d337e135e5178560dcd6b09
Size: 93KB
MD5: 43ecfbab9d337e135e5178560dcd6b09
SHA1: fa87e49368e061e6c5e9a0cd06721be63eefae5b
SHA256: 7563437b4995ff86f07e125569d077c49a5a15319b1effc1343d832eaf1cade6
SHA512: a88a5eb1267acaf07f8dd79d5942653783861f1d35d7972e9a9a87d1ed5b6a8783580d6b61be6ea7660ab6ce22f8b237354b28c657b8a78e145776e43cee763f
SSDEEP: 1536:DnWTHVn+bwd8SN2/GopruYqibze54GnXlagvHsMTaXq6Lu4mcy7nKWDS3jy:LWTHVnqwd8ScN+VXlaSMHgLEj
Malware Config
Extracted
arkei
188.93.233.17/GAAvq7qJF5HDm.php
Signatures
Arkei family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 43ecfbab9d337e135e5178560dcd6b09
Files
43ecfbab9d337e135e5178560dcd6b09.exe windows:5 windows x86 arch:x86
4c665f81387442ad965e3f4eba69f083
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
strstr
strncpy
getenv
rand
srand
_mbsicmp
_putenv
strtok
memcpy
memset
Sections
.text Size: 69KB - Virtual size: 69KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ