Static task
static1
Behavioral task
behavioral1
Sample
c9ca20d0d00ce8644fad6f4fe7c50218f810b42e19f86d73581ae67dca9b070d.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
c9ca20d0d00ce8644fad6f4fe7c50218f810b42e19f86d73581ae67dca9b070d.exe
Resource
win10v2004-20240226-en
General
-
Target
c9ca20d0d00ce8644fad6f4fe7c50218f810b42e19f86d73581ae67dca9b070d
-
Size
292KB
-
MD5
a3bc5a1f20e21874d56c71282c3104fe
-
SHA1
90e6f287921d4a59ee7df91dacc191ab1645fff9
-
SHA256
c9ca20d0d00ce8644fad6f4fe7c50218f810b42e19f86d73581ae67dca9b070d
-
SHA512
ed8966e993aa10c42b433b8b1f09ea8087a2a63869adacfb3c27eb365fab43259581abc265279fa6fd0b7c1087867b70d1a36626ec0ff39b5ade35c653b2fecc
-
SSDEEP
6144:dXC4vgmhbIxs3NBR3BHgPZacfQbdErY1iMbnz3Vq8ukh6KQFZE:dXCNi9BHg0VbWGX3VQp2
Malware Config
Signatures
-
Detects executables containing possible sandbox analysis VM usernames 1 IoCs
Processes:
resource yara_rule sample INDICATOR_SUSPICIOUS_EXE_SandboxUserNames -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource c9ca20d0d00ce8644fad6f4fe7c50218f810b42e19f86d73581ae67dca9b070d
Files
-
c9ca20d0d00ce8644fad6f4fe7c50218f810b42e19f86d73581ae67dca9b070d.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE