Static task: static1
Behavioral task: behavioral1
Sample: onedrive.updated.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: onedrive.updated.exe
Resource: win10v2004-20231215-en
General
Target: onedrive.updated.exe
Size: 4.7MB
MD5: a1670c38632ef92883eb6c57fb5f46ed
SHA1: 760225427be0ac51a55b0dbbe940c842b1c71b9f
SHA256: 1b5b6a176580c369f0e10411918fcdd8c32052a2d3af3f594f4c3e3971b5bb21
SHA512: 430d764f25d8e9e76686e4f5c732e5db539d81091d3c67597e768014ca345278fd52b113e36e84e64790bd3d69f583b113620ef383ba72c17bf7b1d403db29a3
SSDEEP: 98304:/K0lLmml1PWpiSzZSXRn7+d0iGPav5E8XKoqw:/KWLmmlFeiWEn7+dlGWiB
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Resource: onedrive.updated.exe
Files
onedrive.updated.exe.exe windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
Odz0w Size: 4.1MB - Virtual size: 8.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
I4dR0 Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
4pzTk Size: 34KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
krmqy Size: 495KB - Virtual size: 494KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
xyC4h Size: 67KB - Virtual size: 66KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
uMHca Size: 24KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ