Static task: static1
Behavioral task: behavioral1
  Sample: SARL RABINEAU Order FA2495.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: SARL RABINEAU Order FA2495.exe
  Resource: win10v2004-20240226-en
General
  Target: 0334e0c91b331c229c4d75542ae16d8f.bin
  Size: 600KB
  MD5: 60b2fddc7b79efc2a196f48ace9c6253
  SHA1: 2309921a5ab59338329410aec0ce1cb4cd99b92f
  SHA256: 45537e7f3901192c72edca7db2c1c69e900f7fa6a14b32787776d50444c1321c
  SHA512: d015e14e63c104979726f7edd3be9cd73a8357c96bb970d3abf872f09d147158956a1299d3412ed40637216f7b589b8c12092c886b8ef1433a02dd5d63e3151f
  SSDEEP: 12288:D4/QMBA4ZYmX2wxf4/deRN5qCYFWT0hD4gjMezqWngLzikQMo3tzUwQoE+:D4RBA4ae/NRN5XYFa0h8gge+WgTQMo3h
Malware Config
Signatures
  Unsigned PE (1 IoCs)
    Checks for missing Authenticode signature.
    Processes:
      resource unpack002/SARL RABINEAU Order FA2495.exe
Files
  0334e0c91b331c229c4d75542ae16d8f.bin.zip
    Password: infected
  b9ff68d1e5f12ea6138a81bccaa9f6c892b9db34b39ce0d184d163af83769d02.zip.zip
    Password: infected
  SARL RABINEAU Order FA2495.exe.exe windows:4 windows x64 arch:x64
    Password: infected
Headers
  DLL Characteristics
    IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
    IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
    IMAGE_DLLCHARACTERISTICS_NX_COMPAT
    IMAGE_DLLCHARACTERISTICS_NO_SEH
    IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
  File Characteristics
    IMAGE_FILE_EXECUTABLE_IMAGE
    IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
  .text (Size: 18KB, Virtual size: 18KB)
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
  .rsrc (Size: 3KB, Virtual size: 2KB)
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ