Behavioral task
behavioral1
Sample
d16d445722fcebd5b2c37bfe3ff79036.exe
Resource
win7-20240221-en
General
-
Target
d16d445722fcebd5b2c37bfe3ff79036
-
Size
180KB
-
MD5
d16d445722fcebd5b2c37bfe3ff79036
-
SHA1
ecace6bb09004314df7aea2bf9ea254c0d4f4f9c
-
SHA256
fee37357fdf781f827d0c1231eadf4a30b66f6081ee04ca57cbc9a5100c7540a
-
SHA512
ddac6af01f310aa62f1468992909693956d98ace8507086cb1542781976d9ee29ac35cef2797809afa6871bfe795c73cec6e396382223127a60da35e5c68007a
-
SSDEEP
3072:z/5KFl81i04l2Fv2f9tMUr6of9MRNwda7KVr0cHneunw1oN:z/5KFl81jDv72RFMReGir0cHneMwqN
Malware Config
Signatures
-
Urelas family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d16d445722fcebd5b2c37bfe3ff79036
Files
-
d16d445722fcebd5b2c37bfe3ff79036.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Sections
POLSJDKW Size: 124KB - Virtual size: 136KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
POLSJDKW Size: 55KB - Virtual size: 56KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE