Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Static task: static1
Behavioral task: behavioral1
Sample: bot_start.exe
Resource: win7-20240221-en
Target: bot_start.exe
Size: 2.5MB
MD5: bf4a8b1ff2f896acac3e7ace357abfca
SHA1: c1bd1b3d2959d844f6b4e339f45d3749667df3e1
SHA256: e0d1d7c74b52bbd40f5dc85cb9b3ab69ae750d8fc3f5fbd15a98eed616c1ce8e
SHA512: fd7082a905540e23a5c5b6fd2717c0255ede2680bef16076f174d417bbeef4694e2fa82a8f9e0407cc160344cc194edd19ab40901b468c1695a1b8773e23e494
SSDEEP: 49152:Tfx0DZfVUfCnJA3bxBLbsgyGKEQYdfT3kVYCNN5oUpwmJFkjQuQLLOet:l4ZnIlBvyGKJA3kVD4lIl7r
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE