Behavioral task
behavioral1
Sample
a64c3e0522fad787b95bfb6a30c3aed1b5786e69e88e023c062ec7e5cebf4d3e.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a64c3e0522fad787b95bfb6a30c3aed1b5786e69e88e023c062ec7e5cebf4d3e.exe
Resource
win10v2004-20231215-en
General
Target
a64c3e0522fad787b95bfb6a30c3aed1b5786e69e88e023c062ec7e5cebf4d3e
Size
114KB
MD5
ffea1266b09abbf0ceb59119746d8630
SHA1
5df6d407f4629b9e4765ed96f19caf9a0710c2f8
SHA256
a64c3e0522fad787b95bfb6a30c3aed1b5786e69e88e023c062ec7e5cebf4d3e
SHA512
26cee67e5c5ff97424c845b98360afac00abf63486dec86c96c34ad1c25ca1c3289b9b12fbbe2f5a0678ae4f385be776a7d90888f3bbebe9a729914d0c5fa8d6
SSDEEP
1536:sBOoa7NO7QS7Q7d7QS7Q8urM7QS7QYgjKu1sPPxaSLyqC:sBOoa7MkSk7dkSk89kSkVV1qPkSuqC
Malware Config
Signatures
Processes:
resource yara_rule sample family_hermeticwiper
Hermeticwiper family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource a64c3e0522fad787b95bfb6a30c3aed1b5786e69e88e023c062ec7e5cebf4d3e
Files
a64c3e0522fad787b95bfb6a30c3aed1b5786e69e88e023c062ec7e5cebf4d3e.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 900B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 87KB - Virtual size: 86KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 920B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ