Behavioral task: behavioral1
Sample: bda8a38ed2a51c1799de30b2c051fde9.exe
Resource: win7-20240215-en
General
Target: bda8a38ed2a51c1799de30b2c051fde9
Size: 3.1MB
MD5: bda8a38ed2a51c1799de30b2c051fde9
SHA1: b4649ddc6bd605a564e815b108ff5ac405f9a3b9
SHA256: 4d5a4068ee6d03be9efeae0b07828807454697e1f15eb4ed2fde59579c3ad1c2
SHA512: df84d96bdc77e286afab0e19f9516175a6bbb2be02ad7d65abd8b1efb538c88c631739454bf3e434966f729bc17bd93ab79882142a7ee603296b8976ac4809c3
SSDEEP: 98304:GdNIA2b8lIpIta0Icq+KPtYulORjiCSHwdlPtqM7RcS4FIKU21IEfrNdSf8x:GdNB4ianUstYuUR2CSHsVP8x
Malware Config
Signatures
Processes:
resource: sample
yara_rule: upx
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource: bda8a38ed2a51c1799de30b2c051fde9
Files
bda8a38ed2a51c1799de30b2c051fde9.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.rvkzc Size: - Virtual size: 4.5MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 3.1MB - Virtual size: 3.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX2 Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE