C:\Users\Maxim\Desktop\crt\Новая папка (3)\XyetaCrypt\obj\Release\XyetaCrypt.pdb
Static task
static1
Behavioral task
behavioral1
Sample
Bypass.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Bypass.exe
Resource
win10v2004-20240419-en
General
-
Target
Bypass.exe
-
Size
825KB
-
MD5
c50cb2d89627c4692e8f4fa4883515dc
-
SHA1
8b0f375062dad2529dcd56206418ecd80caee674
-
SHA256
dd515c6d05e63cf5055f3667b776a6a81018501e75989a4aa34951d4e0b18d7a
-
SHA512
9ffb3b04806474de58516ce26766134c7dbf40bb765d1b83a8eb13d90c021b9e349abb0e735cd6da39c71b35eebd4c65877ac134d7ea2a1ca2bb97ad4ad0ffff
-
SSDEEP
24576:K++RmSlgqgj7P3HBqvOtC58wVPCRFizYrtWrFV5v:K++YkPM4WtdwVC/JWxPv
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource Bypass.exe
Files
-
Bypass.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 822KB - Virtual size: 822KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ