Behavioral task: behavioral1
Sample: d0be347179715db77e40ef4a50439da2.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: d0be347179715db77e40ef4a50439da2.exe
Resource: win10v2004-20240226-en

General
Target: d0be347179715db77e40ef4a50439da2
Size: 946KB
MD5: d0be347179715db77e40ef4a50439da2
SHA1: 4b94bc600735eb5eed60a471dd788e7d0e2586b8
SHA256: 767c367613633db9798a37c366a0166e132bef1ebd74b7a51c28711d42bb1e83
SHA512: 2d56ead24db04d054fac5c737acb99449cb9317ff3865db89d7dded4d72cfa702d129850504d11b1abe85367cad5f40c0524d1b6fab86b33aa7ae238b7ea8e40
SSDEEP: 24576:wSW+8M9O1qYOrrfGkFpuJieh6NvZKPubpeM:U9NPOrKkWJieh65Zte

Malware Config
Signatures
Processes:
resource yara_rule sample upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource d0be347179715db77e40ef4a50439da2
Files
d0be347179715db77e40ef4a50439da2.exe .ps1 windows:5 windows x86 arch:x86 polyglot
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 2.0MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 942KB - Virtual size: 944KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE