Static task
static1
Behavioral task
behavioral1
Sample
PHOTO-GOLAYA.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
PHOTO-GOLAYA.exe
Resource
win10v2004-20231222-en
General
-
Target
76491d1e50d31aa91f7bc1d1086dcb6f
-
Size
127KB
-
MD5
76491d1e50d31aa91f7bc1d1086dcb6f
-
SHA1
74467b60a4145ca774a6244a7f2f6980056cc064
-
SHA256
c8ff09f9bf656962ac20b531b56af97a39b434dd441dc344be3c841c17d90be0
-
SHA512
f0e2fbd3c5293b33c839a78a049c3254c45550f4aa3059e6eb7d4bb9207f48e6d130d1524179fb2d1fa7673b665a3761fae12a4c3e3a9429b9962ab26a8f7b5c
-
SSDEEP
3072:DvgEL7Yo4PkH9sIbkifAC+7s7UvVCT2JwAQNWSzx4i:DvgEPYo4PkM9JvVCgwA5S1/
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/PHOTO-GOLAYA.exe
Files
-
76491d1e50d31aa91f7bc1d1086dcb6f.zip
-
PHOTO-GOLAYA.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
CODE Size: 91KB - Virtual size: 91KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 2KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 8B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 69KB - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ