Behavioral task
behavioral1
Sample
efb8e1f2ead7b6bf1a47d362795ac8692c83c07c2b078ce7c9f8462284c18e6f.exe
Resource
win7-20240221-en
General
-
Target
efb8e1f2ead7b6bf1a47d362795ac8692c83c07c2b078ce7c9f8462284c18e6f
-
Size
417KB
-
MD5
00724a083da6b4a83fdd91bb2bd99ca9
-
SHA1
0d4183c1360bb304ea26dd9b89ebda0d433db1a7
-
SHA256
efb8e1f2ead7b6bf1a47d362795ac8692c83c07c2b078ce7c9f8462284c18e6f
-
SHA512
936a64fdcc9e8dc6af1c0b1c9693743d01275c539f074d86bab0b633601bdb591e2c572cb4ce967a974550a232e8defeed74b359dba89b59aa2946c9e4b490b9
-
SSDEEP
6144:y5SXvBoDWoyLYyzbpPC4DYM6SB6v+qLnAzYmhwrxcvkzmSBrBw/i1:yIfBoDWoyFboU6hAJQnrMK
Malware Config
Signatures
-
Urelas family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource efb8e1f2ead7b6bf1a47d362795ac8692c83c07c2b078ce7c9f8462284c18e6f
Files
-
efb8e1f2ead7b6bf1a47d362795ac8692c83c07c2b078ce7c9f8462284c18e6f.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Sections
.text Size: 106KB - Virtual size: 108KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 21KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 6KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 225KB - Virtual size: 228KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
HJSDRTRW Size: 25KB - Virtual size: 28KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE