Behavioral task
behavioral1
Sample
d6e9c9f3ee88f7da4a817a6303e50762.exe
Resource
win7-20240221-en
General
Target: d6e9c9f3ee88f7da4a817a6303e50762
Size: 3.1MB
MD5: d6e9c9f3ee88f7da4a817a6303e50762
SHA1: 5d8de2fff3a28b08723d0206d2ee4101c3dbb066
SHA256: d4a2a7cf4196088797aa8df306adf19600eccdc0b75f4c992ca4c596d02e9ccb
SHA512: ebf6fd65353210995ed9af30dc97fd065b8356297af206373b3a031782264663af71cd913986816604caf918cca3b8c57b04b9b94b3b7db03c60256480e8b09e
SSDEEP: 98304:QdNIA2b8lIpIta0Icq+KPtYulORjiCSHwdlPtqM7RcS4FIKU21IEfrNdSf8x:QdNB4ianUstYuUR2CSHsVP8x
Malware Config
Signatures
Processes:
resource  yara_rule
sample    upx
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource d6e9c9f3ee88f7da4a817a6303e50762
Files
d6e9c9f3ee88f7da4a817a6303e50762.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 4.5MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 3.1MB - Virtual size: 3.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX2 Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE