General
-
Target
43e4e9bffa44ca9ab7c93b2c156ca3594ac4dbe8505bec14dcc4a3bf91507a3f.exe.compressed
-
Size
442KB
-
MD5
b4f57febdf14845cfb4f31bac080508b
-
SHA1
fd2848cc6c98cd8479b7b9afeada66176f058f0f
-
SHA256
7ee78e9f306f4d9cb09e55b8df2854fd46ba30f71642ea361d9ea8a5bf72ae9e
-
SHA512
e509ad9cf3882a375cb5f588d3e6d5914cee04a6a61d62aecb1c4d29d112312313c2b64216c63f623e780b3fa8907035e7af0d8c2055c19b136de917a1eb0430
-
SSDEEP
3072:HFHCuFdjX3nEnZjLo3ChirBtRix4wBblxgNuhPXHrJTkzlLH0vxZffBrCzXiIlyD:liMjX3En9o3Chide4wlP5HrJTXf
Score
10/10
Malware Config
Signatures
-
Detects command variations typically used by ransomware 1 IoCs
-
Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware 1 IoCs
-
Detects executables containing commands for clearing Windows Event Logs 1 IoCs
-
Detects executables containing many references to VEEAM. Observed in ransomware 1 IoCs
-
Detects executables embedding registry key / value combination indicative of disabling Windows Defender features 1 IoCs
-
UPX dump on OEP (original entry point) 1 IoCs
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
Files
-
43e4e9bffa44ca9ab7c93b2c156ca3594ac4dbe8505bec14dcc4a3bf91507a3f.exe.compressed
Headers
Sections
-
out.upx
Headers
Sections