Behavioral task
behavioral1
Sample
DarkNight.exe
Resource
win7-20240221-en
General
-
Target
DarkNight.exe
-
Size
3.9MB
-
MD5
d396e70e3da1b5c0c8414a524971b83e
-
SHA1
928fcd454a00ec2141fa0b1966ae509235c4c6c7
-
SHA256
b8022c1aa5f5f6220ffce8f3f473bb8078bbf171fa00e50823bc0c79946c1121
-
SHA512
dd66a02df8456876b89fc913d4e0e3c60324cb4adb4dd4c3a39babf0a70a6f4f10eb9d610a6aa86576746e5d9e458c85fbc320b708949a164c43588c9aaf9d4b
-
SSDEEP
98304:8O6Dchp3YEtEbfY514GcOIjRy9NcrMcLAAW8bapEUyB3pm1:8OakRObogOdDcNL08ILyu
Malware Config
Signatures
-
Processes:
resource yara_rule sample themida -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource DarkNight.exe
Files
-
DarkNight.exe.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
Size: 1.0MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 2KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 15B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.imports Size: 512B - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: - Virtual size: 4.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 2.9MB - Virtual size: 2.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ