Behavioral task
behavioral1
Sample
zhua.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
zhua.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
新云软件.url
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
新云软件.url
Resource
win10v2004-20240226-en
General
-
Target
ad882a58d6759af619bafc925587e5fc
-
Size
9KB
-
MD5
ad882a58d6759af619bafc925587e5fc
-
SHA1
e17615d2e160497199a2403792502cd346611a45
-
SHA256
43254db33710104756c7e80c629322f53b00bcb8cc50384e2b4922205bd46fed
-
SHA512
1b6e2066993c8b147bacd87d2310e420feec6e477ef3176dfb98b3afe76f20f605c090f665fc0ec5860b2bea9fd67335a67491870978d5ed04b0d1d6315d6d7e
-
SSDEEP
192:zXystp7FGK2DZD0qhvztMBUT07GW2Gr7eOf18NEaeprINUwa5:rysDN+Z7Z0uMXPf1VaeuNna5
Malware Config
Signatures
-
resource yara_rule static1/unpack001/zhua.exe aspack_v212_v242 -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/zhua.exe
Files
-
ad882a58d6759af619bafc925587e5fc.rar
-
zhua.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 5KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.aspack Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.adata Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
新云软件.url.url