Static task: static1
Behavioral task: behavioral1
Sample: 578f67677c888990fbb7310e0a092a30.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 578f67677c888990fbb7310e0a092a30.exe
Resource: win10v2004-20231222-en
General
Target: 578f67677c888990fbb7310e0a092a30
Size: 37KB
MD5: 578f67677c888990fbb7310e0a092a30
SHA1: 2081038c4f8759c554630994c7f19306fac6384b
SHA256: 43503f715176fbf6ba94acb24e8d39fc01b4ae4608b6a82868a3ed5abab57095
SHA512: cfaffb812df61dae0b1353e04fb497091279bed1491981c8ed7bb57e62682ca24eed36775ddd824ca29f1b2c1aa76ffcf5b9d555b0521fc0baf7cf10b3220ae3
SSDEEP: 768:KrQK0XQFV4nrwoJ36z4kGJTXco2GgAxJksZ0ENpAs56X4:0QFW4nUckGNPHiMGX4
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 578f67677c888990fbb7310e0a092a30
Files
-
578f67677c888990fbb7310e0a092a30.exe windows:4 windows x86 arch:x86
aa77d18b40072a7e1dc36630aafffd27
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI
Imports
kernel32
GetProcAddress
LoadLibraryA
VirtualProtect
Sections
.XPack0 Size: - Virtual size: 100KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.XPack Size: 35KB - Virtual size: 35KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE