Static task
static1
Behavioral task
behavioral1
Sample
Winver.exe
Resource
win10-20240221-en
General
-
Target
Winver.bin
-
Size
2.0MB
-
MD5
e040025ba2260d1688e69f7b132593c4
-
SHA1
c04b0850896eee4675294b6a6f1c6125ccfcc284
-
SHA256
9d2f199dd7b604d5e214a6fa0cb99ae1535768554aa57466adfa07cae6b21fd7
-
SHA512
5741d28705f707e263c8dd4cb84e6bd265d8b9b436c25d6d516ac0871bd6093eb3e122799137043166c94e0d038e3660180640e252ba5eeb3bca22d1cb33194c
-
SSDEEP
24576:B95qNSCudfOBZo4nnefFmuafAv4pATFigjIOpdE2KxqUis:V+SHhOoYWmuXv4pATFi5OpdtK0Uis
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Winver.bin
Files
-
Winver.bin.exe windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
.text Size: 2.5MB - Virtual size: 2.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2.5MB - Virtual size: 2.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 249KB - Virtual size: 620KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 57KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.xdata Size: 512B - Virtual size: 168B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 45KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.symtab Size: 512B - Virtual size: 4B
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ