Static task
static1
General
-
Target
Donovan_quacked.exe
-
Size
2.9MB
-
MD5
1b321a9380cccac444f756c40e923a40
-
SHA1
f05b47164f5d1d4c722402eee07431444cb363f4
-
SHA256
9edbede51f4b220770cd192cc2bcc5ba9099db072d1c9fb5d1836b635d7c83ae
-
SHA512
8781f5ae62de5e31d19d646142c3a7a9d93d6da730cefe23424f4291cd43a54b919ac6fa28d669e9d1d290ba32acfa6f097d22379b5b4eea7ce2a9cf84e0d1c6
-
SSDEEP
49152:QzGHrErFiQ7oNPW69dJwA5JFdySXbr0gGXW/tSBSrbwDQt9n46V8hKXpe5DeqSrV:CiQkNPWqdJ3iSrQgPtBoq9nn3FZoq9n1
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Donovan_quacked.exe
Files
-
Donovan_quacked.exe.exe windows:4 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
.text Size: 2.9MB - Virtual size: 2.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ