Static task
static1
Behavioral task
behavioral1
Sample
f8bb3c7c28ad6279b257469ae7e4c3e1952f50588894305ae473652add17a136.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
f8bb3c7c28ad6279b257469ae7e4c3e1952f50588894305ae473652add17a136.exe
Resource
win10v2004-20240412-en
General
Target
c3cf30f78c7564162412228388adb129.bin
Size
643KB
MD5
30bff4e2b063df7c5509cc5c89e80562
SHA1
a3327f3ee414b561e5db6751ba8c984fad194f85
SHA256
c16092d19ac4b9fd38a69536ccbbfad35f9d0a4525b8d6aa8a36f027597062f8
SHA512
516dcc48c5e10067133077332e57c073397a34a6e85e7b4e13dbbdb3bbf615232ab7376fc0c0782c0b6366be123b424896e7a80379b6c202568c7a2b5ec88c9a
SSDEEP
12288:cg0tNFDrZj80isJYU+4DyYWxRhGZBQguQhzz7tQPQN:n0tvDrZ4+EjuNuQlz7tf
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/f8bb3c7c28ad6279b257469ae7e4c3e1952f50588894305ae473652add17a136.exe
Files
c3cf30f78c7564162412228388adb129.bin.zip
Password: infected
f8bb3c7c28ad6279b257469ae7e4c3e1952f50588894305ae473652add17a136.exe.exe windows:4 windows x86 arch:x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 670KB - Virtual size: 669KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ