Static task
static1
Behavioral task
behavioral1
Sample
iswearnorat_protected.exe
Resource
win10v2004-20231215-en
General
-
Target
iswearnorat_protected.exe
-
Size
284KB
-
MD5
248901833bb927a54c3c2c9875f4f7d4
-
SHA1
d11ccd310fb0294f7ade538ec854966ea3edefa3
-
SHA256
5369bc410a7152eba42eefd1492b224d50de3206e140f1327d7ef720846281b0
-
SHA512
edaf978aa7fdf3c2594b73ae0ff613d59d69d20d7adf3967af2e0cd3c003224653f7cdce685e5d0944729904c0011e0ea80a2d0c02b153a29fc33c6f76e8537b
-
SSDEEP
6144:BTPTP6O32RbHfjIRoj7pH6gbHC/Ogtbgq:BTWHf37pH6gbuaq
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource iswearnorat_protected.exe
Files
-
iswearnorat_protected.exe.exe windows:4 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
.text Size: 282KB - Virtual size: 282KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ