WSZO.pdb
Static task: static1
Behavioral task: behavioral1
Sample: e1302a180a4b617dbec5f4ab8c7e58492fc32af989f32fb8cdb4db5d9fe62e4e.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: e1302a180a4b617dbec5f4ab8c7e58492fc32af989f32fb8cdb4db5d9fe62e4e.exe
Resource: win10v2004-20240226-en
General
Target: d165540c81717a55a387fb95522f4c70.bin
Size: 635KB
MD5: 10da37153353495bec5c239fcc71dc51
SHA1: 3564c3419b0a48ff26de00b6e850b3bdf0ea17cb
SHA256: b101d8b6f3c338d800d18067b898f1987d3af899e258a8bc1c48a8b8ce0007b4
SHA512: 99d7a88c7e88117192a69d05ff8eeac1f1ac5fdac9c157cdcac55c6132600e943c02126e58633edc2c6efc859d574c067ae0698bb244cd4423f642cd819a3927
SSDEEP: 12288:WUQDCjnn8/vQm/e7W5Akwx9lo/exlGD1gdOiHRBtV4J4g7Hvx+lxn:WRWjnn8/vxcIwpoWqD1gdOixrVcPx+l1
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/e1302a180a4b617dbec5f4ab8c7e58492fc32af989f32fb8cdb4db5d9fe62e4e.exe
Files
-
d165540c81717a55a387fb95522f4c70.bin.zip
Password: infected
-
e1302a180a4b617dbec5f4ab8c7e58492fc32af989f32fb8cdb4db5d9fe62e4e.exe.exe windows:4 windows x86 arch:x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 657KB - Virtual size: 657KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ