UaLB.pdb
Static task: static1
Behavioral task: behavioral1
Sample: NEW ORDER -RA2000000056.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: NEW ORDER -RA2000000056.exe
Resource: win10v2004-20240226-en
General
Target: eaa65962797ce68df837f88961ac895a.bin
Size: 665KB
MD5: cc9af0dc2b54ce4d7554f51e7abffcc2
SHA1: 9d28e9ff80936eb2fbe48ce7e8dbef3226e71f26
SHA256: 7dae38ff17d7ade4bdc83b652121a1b90281e5c915f1d91f04ffae1e64e1e948
SHA512: 6abe66f52b13a298d82e844824d82dc301f1a8ce3cc08ad8533f80285d84edf7110caf5f8cfcbe907a200ae79673e23e779cb68f5c09f9da1f2c54b89633b884
SSDEEP: 12288:+aIRGu0Pl2hnFADjBayTMGtulAHn70eKtyNAqlSAwKF0yvY/Up6d6AdSZs2SPqfP:+n45sh8QGNulG70eDNAkFtvYzdNnQP
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack002/NEW ORDER -RA2000000056.exe
Files
eaa65962797ce68df837f88961ac895a.bin.zip
Password: infected
de47dc3211a804a39c03c4f646ca0f0b1d95c092a0cad1e61db9196394613beb.zip.zip
Password: infected
NEW ORDER -RA2000000056.exe.exe windows:4 windows x86 arch:x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 724KB - Virtual size: 723KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ