General

  • Target

    5181d2e71e8e73a82712a483a80aaea94e1efa785f2b8b8ee9641544c0b652f0

  • Size

    959KB

  • MD5

    01c9561a15dc451562ba536d8239fa41

  • SHA1

    9566de40d3435be6fac364e11d50d67d8a3c8dc4

  • SHA256

    5181d2e71e8e73a82712a483a80aaea94e1efa785f2b8b8ee9641544c0b652f0

  • SHA512

    42c59fc3052ebcef309bfa2b9824841097cf6e115207da5bd26ccdd273f6382790c83bcd7f666aab045c66fb499d78b377cf4a369b306f1b67e635195f5c4a5b

  • SSDEEP

    24576:uLjr3s2nScu1i1tz3f++5kRzFxk7rMxNeR1R9qpdxF:Ujrc2So1Ff+B3k796f

Score
10/10

Malware Config

Signatures

  • Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) 1 IoCs
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware 1 IoCs
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.
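The four signatures above are static checks over the file's contents rather than behaviour. The script below is an added example (not the sandbox's own rule set) showing how the same four verdicts can be reproduced offline: it extracts ASCII and UTF-16LE strings, looks for the CMSTPLUA COM CLSID `3E5FC7F9-9A51-4367-9063-A120244FBEC7` (the elevated `ICMLuaUtil` object abused for the T1218.003 bypass), an `fsutil usn deletejournal` command line, and the `SOFTWARE\Policies\Microsoft\Windows Defender` policy key together with a disable value, and then reads the PE Security data directory to decide "Unsigned PE". The CLSID, command and registry path are documented Windows facts; the regexes, the string-length threshold, the function names and the `build_fake_pe` stub that feeds constructed sample content into the scanner are all my own assumptions, not artifacts taken from this sample.

```python
import re
import struct

# Artifacts behind the three content signatures (documented Windows facts):
#  - CMSTPLUA COM object CLSID used by the CMSTP/ICMLuaUtil UAC bypass (T1218.003)
#  - "fsutil usn deletejournal" command used to wipe the NTFS change journal
#  - Group Policy key/values that switch off Windows Defender
CMSTPLUA_CLSID = "3E5FC7F9-9A51-4367-9063-A120244FBEC7"
USN_DELETE_RE = re.compile(r"fsutil\s+usn\s+deletejournal", re.IGNORECASE)
DEFENDER_KEY = r"SOFTWARE\Policies\Microsoft\Windows Defender"
DEFENDER_VALUES = ("DisableAntiSpyware", "DisableRealtimeMonitoring")

# Minimum length and character class for string extraction are my choices (assumption).
ASCII_RE = re.compile(rb"[\x20-\x7e]{6,}")
WIDE_RE = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")


def extract_strings(data: bytes) -> list:
    """Return printable ASCII and UTF-16LE strings found anywhere in the file."""
    out = [m.group().decode("ascii") for m in ASCII_RE.finditer(data)]
    out += [m.group().decode("utf-16-le") for m in WIDE_RE.finditer(data)]
    return out


def has_authenticode_directory(data: bytes) -> bool:
    """True if the PE's Security data directory (index 4) points at a WIN_CERTIFICATE blob.

    This is the 'Unsigned PE' check from the report: it only tells you whether a
    signature blob is attached, not whether it verifies or who signed it.
    """
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    opt = e_lfanew + 24                       # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                        # PE32
        nrva_off, dd_off = opt + 92, opt + 96
    elif magic == 0x20B:                      # PE32+
        nrva_off, dd_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    if struct.unpack_from("<I", data, nrva_off)[0] <= 4:
        return False                          # no Security directory entry at all
    # For the Security directory the first field is a raw file offset, not an RVA.
    offset, size = struct.unpack_from("<II", data, dd_off + 4 * 8)
    return offset != 0 and size != 0


def scan(data: bytes) -> dict:
    """Reproduce the four report signatures as booleans (names are my own)."""
    blob = "\n".join(extract_strings(data))
    low = blob.lower()
    return {
        "uac_bypass_cmstp_com": CMSTPLUA_CLSID.lower() in low,
        "usn_journal_deletion": USN_DELETE_RE.search(blob) is not None,
        "defender_disable_regkey": DEFENDER_KEY.lower() in low
        and any(v.lower() in low for v in DEFENDER_VALUES),
        "unsigned_pe": not has_authenticode_directory(data),
    }


def build_fake_pe(payload: bytes, signed: bool) -> bytes:
    """Constructed test input: a header-only PE32 stub with `payload` appended.

    Not a loadable executable; it exists so scan() can be exercised offline.
    """
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)               # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)  # i386, 0 sections, PE32 opt hdr
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                            # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                              # NumberOfRvaAndSizes
    header_len = len(dos) + 4 + len(coff) + len(opt)
    cert = b""
    if signed:
        # WIN_CERTIFICATE header only (dwLength, wRevision, wCertificateType=PKCS_SIGNED_DATA);
        # a placeholder blob, there is no real PKCS#7 signature behind it.
        cert = struct.pack("<IHH", 8, 0x0200, 0x0002)
        struct.pack_into("<II", opt, 96 + 4 * 8, header_len + len(payload), len(cert))
    return dos + b"PE\0\0" + coff + bytes(opt) + payload + cert


# Constructed sample content mimicking what the report's signatures fire on.
SAMPLE_PAYLOAD = (
    b"Elevation:Administrator!new:{3E5FC7F9-9A51-4367-9063-A120244FBEC7}\0"
    + "fsutil usn deletejournal /D C:".encode("utf-16-le") + b"\0\0"
    + b"SOFTWARE\\Policies\\Microsoft\\Windows Defender\0DisableAntiSpyware\0"
)

if __name__ == "__main__":
    for name, verdict in scan(build_fake_pe(SAMPLE_PAYLOAD, signed=False)).items():
        print("%-26s %s" % (name, verdict))
```

Two caveats when applying this to real samples. First, a packed binary will not expose these strings until it is unpacked or dumped from memory, so a clean static result is not evidence of absence. Second, "Unsigned PE" is a weak signal on its own (plenty of legitimate software ships unsigned) and the presence of a Security directory proves nothing until the signature is verified, for example with `Get-AuthenticodeSignature` in PowerShell or `signtool verify /pa`.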

Files

  • 5181d2e71e8e73a82712a483a80aaea94e1efa785f2b8b8ee9641544c0b652f0
    .exe windows:5 windows x86 arch:x86

    216df81b1ef7bc2aa8ec52bbeef137c9
