Static task
static1
Behavioral task
behavioral1
Sample
GOLAYA-PHOTO.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
GOLAYA-PHOTO.exe
Resource
win10v2004-20240221-en
General
-
Target
a392d40be2335ac641b03fca68769210
-
Size
86KB
-
MD5
a392d40be2335ac641b03fca68769210
-
SHA1
960ceaae0b893f1742046969c21c4c983e86f070
-
SHA256
325af363d05386e69a2b7927cedec174eccfea85f9aa854faf2b548b4a90e405
-
SHA512
349c2ab312b2022ecdedeab4cd36025b00d62fb9cb16b82b656e0e9bb9d12ae60117bf8788bf84edad0986d2a8f80d0e7cf1f62734969715064cfe0543e649a2
-
SSDEEP
1536:CQwHfvMS0xcGxFyhQkrnb1Mq9WbYdpA+UD5Xb+xzzlgVrOre4pUi8OgfRQ:CnHXMpxcGxFyhQ0bOqYM7TU5b+dp2rC7
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/GOLAYA-PHOTO.exe
Files
-
a392d40be2335ac641b03fca68769210.zip
-
GOLAYA-PHOTO.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
CODE Size: 91KB - Virtual size: 91KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 2KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 8B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 69KB - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ