Behavioral task
behavioral1
Sample
HELLO.exe
Resource
win10-20240221-en
General
-
Target
HELLO.exe
-
Size
232KB
-
MD5
3d44b09f3692fbb7e048e1168c001cba
-
SHA1
e4782b1348431efe4c89d0340fe23ab81bc0a3f7
-
SHA256
338f5bb747c33ad50cad75c3facd2f3103ce294a608666635d0b66a6ad2ce12c
-
SHA512
7b4824d0243ce546ebe607d519494a7780422e1f693aff8b82a122dd004d157524cc3e58a39c3ee9cfb61e8b40ae0b6cff593776b05d6956f7479c6e20692392
-
SSDEEP
6144:djFy93LU92VxOtVflFud4TnxcpPTASCmqMorHwMroS:ZFy9bPQZlFjrG0ZmYbw+oS
Malware Config
Signatures
-
Processes:
resource yara_rule sample upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource HELLO.exe
Files
-
HELLO.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
UPX0 Size: - Virtual size: 496KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 227KB - Virtual size: 228KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE