pHgu.pdb
Static task
static1
Behavioral task
behavioral1
Sample
ad30717124ef4c5f7e542f680a0ab098fccaeb4f92e99b2c644f112af2c5d43a.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
ad30717124ef4c5f7e542f680a0ab098fccaeb4f92e99b2c644f112af2c5d43a.exe
Resource
win10v2004-20240226-en
General
Target: dc99e0615c24fce5a1478d7de587a565c5e62b90879642e8442da9a3827fcb5c
Size: 666KB
MD5: f2b9d62c09ab2759b02b99e5c029370e
SHA1: 20527a71b9ee37753dcce46468d75cc33fb5c704
SHA256: dc99e0615c24fce5a1478d7de587a565c5e62b90879642e8442da9a3827fcb5c
SHA512: cb6c62b763d21597d25307720f05bf5ec25618246c87cf45953e78409323e0650167c894638e531f3f3111b41ba5de78805d751c4bf154622565fc060b43ef61
SSDEEP: 12288:DrnQwGSi8q0gYd+3DDuFcUa5j8Obo67zIdlakurXMgKgw6UnGbeN7BBgIqQGs/MZ:DzGSi8q7mYDupa5j8H6fIdQRX9FUseBe
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/ad30717124ef4c5f7e542f680a0ab098fccaeb4f92e99b2c644f112af2c5d43a.exe
Files
dc99e0615c24fce5a1478d7de587a565c5e62b90879642e8442da9a3827fcb5c.zip
Password: infected
ad30717124ef4c5f7e542f680a0ab098fccaeb4f92e99b2c644f112af2c5d43a.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 678KB - Virtual size: 678KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ