Gmln.pdb
Static task
static1
Behavioral task
behavioral1
Sample
4d907c3d7974732445e036c17d48ffa394628c26a25c5eac76eafd101d4299a3.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
4d907c3d7974732445e036c17d48ffa394628c26a25c5eac76eafd101d4299a3.exe
Resource
win10v2004-20231215-en
General
Target: 8ce7fa07609ee715d17d41ebcc2036d9.bin
Size: 628KB
MD5: 28841e256cef5ade62f93251d0f0595f
SHA1: a582ff51d55bc2cf60ea79ae0e7e7299ee30f829
SHA256: 8bfbcda7cfa8560657469906da64d45c668e885586995e044beb402191e3bd0e
SHA512: cb30d5e75f86b60cd99711a02f44f7d0e224368381a282c9d50c345f533e0b0e843afd4865e3b66a617e27ba5157d4c9307220fc4e217cb71acdcde0c514717d
SSDEEP: 12288:QOOOEi2S0MBZdBjKmvuAPDB4f72cBEwmLXn1FOT3sAyMRuBvUlJVdW:+OEi9vBZvp1iDmLU3s3WjW
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/4d907c3d7974732445e036c17d48ffa394628c26a25c5eac76eafd101d4299a3.exe
Files
8ce7fa07609ee715d17d41ebcc2036d9.bin.zip
Password: infected
4d907c3d7974732445e036c17d48ffa394628c26a25c5eac76eafd101d4299a3.exe.exe windows:4 windows x86 arch:x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 681KB - Virtual size: 681KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ