Behavioral task
behavioral1
Sample
winbio.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
winbio.exe
Resource
win10v2004-20240221-en
General
-
Target
winbio.exe
-
Size
69KB
-
MD5
2edbacd070d1949bb5d97d3a6e4e23f6
-
SHA1
761168968a1d951848a36ad428ee4d05153f1e01
-
SHA256
8894b6508e7b3d8759a53d0ac7a6ceb39fd63ba65b1e89be62b2acdce7781fdc
-
SHA512
a4b282b8c91124a6dc465573842a03b5fcf346af6e561eef66ea405fcb784251044e2f8a2c0a61cbb0e29f7efc02a71d131930b70e2c021978d00c0b3c38f344
-
SSDEEP
1536:juCWRxL7hbUiQfovecnXUU+hhOZuIWiFp+ZfaBZebC33O+MEYTb:KCWf7VJQfmeMXvkhOZu1iFBBZebC3+
Malware Config
Signatures
-
Detected Netwalker Ransomware 1 IoCs
Detected unpacked Netwalker executable.
resource yara_rule sample netwalker_ransomware -
Netwalker family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource winbio.exe
Files
-
winbio.exe.exe windows:6 windows x86 arch:x86
e82dd51b077167be63c004bed23d0c1e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
Sleep
Sections
.text Size: 58KB - Virtual size: 58KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 808B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ