General

  • Target

    00260c390ffab5734208a7199df0e4229a76261c3f5b7264c4515acb8eb9c2f8

  • Size

    862KB

  • MD5

    96de05212b30ec85d4cf03386c1b84af

  • SHA1

    dbe5243c6ea5cc4cfb3edf042bd94a59cf9a0e64

  • SHA256

    00260c390ffab5734208a7199df0e4229a76261c3f5b7264c4515acb8eb9c2f8

  • SHA512

    3a77e9dad5348a612ee83284ed7e098cc19375a92910756bc4d9274f484a68b0a73ce39fef53a1d12fecccc1daf5d48a1d264c18b1fe8ed4741e1a95cbcbdf47

  • SSDEEP

    24576:DxAf2NuubB6RWspgjuwu7pl4Ha+UmxJH+Q9F:dAfSrWW4g+7Ht+UmxJe6

Score
10/10

Malware Config

Signatures

  • Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) 1 IoCs
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 00260c390ffab5734208a7199df0e4229a76261c3f5b7264c4515acb8eb9c2f8
    .exe windows:5 windows x86 arch:x86

