Behavioral task: behavioral1
Sample: 926c7852a627e66288bdeec0f2844994.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 926c7852a627e66288bdeec0f2844994.exe
Resource: win10v2004-20231222-en
General
Target: 926c7852a627e66288bdeec0f2844994
Size: 420KB
MD5: 926c7852a627e66288bdeec0f2844994
SHA1: ebf419139f84580f75c1855e47f4006dd845823e
SHA256: 2e23d557ca1abae7de953d6dcde430e629c206698f3fa0618abb2f9cd8066dbc
SHA512: ea02eef55549c8cfba93bb16c4203aa838dfe3f8410ebca73a635eab4ade09c9632b5d605f4f9cbff166df48393392e67a90314b3009243595cb5eb87b8e6194
SSDEEP: 6144:P4u/+HW5XX7OpslFlqnhdBCkWYxuukP1pjSKSNVkq/MVJbD:wSUW5XX7wsloTBd47GLRMTbD
Malware Config
Signatures
Cybergate family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 926c7852a627e66288bdeec0f2844994
Files
926c7852a627e66288bdeec0f2844994.exe windows:4 windows x86 arch:x86
be63889866f6bba2109402ee273e5652
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
ord667
ord526
DllFunctionCall
__vbaExceptHandler
ord711
ProcCallEngine
ord100
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 812B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 412KB - Virtual size: 410KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ