Behavioral task
behavioral1
Sample
cf389a6edfd132de5bfeb2deb343d5e2.exe
Resource
win7-20240221-en
General
-
Target
cf389a6edfd132de5bfeb2deb343d5e2
-
Size
401KB
-
MD5
cf389a6edfd132de5bfeb2deb343d5e2
-
SHA1
42a47204b264bf4c1bc00f38fb8a9b345dc40028
-
SHA256
614c3bbd21decd89fa9045ef7960de748ddd0ab3574645441ca014f81e1002d9
-
SHA512
92044df4ae0004069efe3ac598ad3dcc4414d5c4736143398200499d44c6402e0728dfcb8a9593a6f8e14ce96a9ac9f774451ae509a5d2eda724bbc523c9cfbd
-
SSDEEP
6144:85SXvBoDWoyLYyzbkPC4DYM6SB6v+qLnAzYmhwrxcvkzmSBrohCR:8IfBoDWoyFblU6hAJQnOC
Malware Config
Signatures
-
Urelas family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource cf389a6edfd132de5bfeb2deb343d5e2
Files
-
cf389a6edfd132de5bfeb2deb343d5e2.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 106KB - Virtual size: 105KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 6KB - Virtual size: 18KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 225KB - Virtual size: 225KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
HJSDRTRW Size: 25KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ap0x Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE