Behavioral task
behavioral1
Sample
0baa84d4b855d23fd66ad50914680bc128b6db7a83485fc813d2737eb86b9031.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
0baa84d4b855d23fd66ad50914680bc128b6db7a83485fc813d2737eb86b9031.exe
Resource
win10v2004-20240419-en
General
-
Target
0baa84d4b855d23fd66ad50914680bc128b6db7a83485fc813d2737eb86b9031
-
Size
120KB
-
MD5
11459b479c8d64f3b847f9b96372f123
-
SHA1
fff23879432710324eade7f684094579c69add8c
-
SHA256
0baa84d4b855d23fd66ad50914680bc128b6db7a83485fc813d2737eb86b9031
-
SHA512
c7bc0e5f3d5a1a78124ec4918ba92c3f08ff5080173687f41ce2e4fe3673c879b20844d795d1054c5b22d731aca803fc87d0d940aa6c389b6c4b202fee0ee400
-
SSDEEP
3072:aDOkexJLFdrPZ1Tj4mYWR/R4nkPR/1aVuyJsf7tETol33wAx62Nv:aDOxZXPIo5R4nM/40yJc7tl33wS/
Malware Config
Signatures
-
UPX dump on OEP (original entry point) 1 IoCs
Processes:
resource yara_rule sample UPX -
Processes:
resource yara_rule sample upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 0baa84d4b855d23fd66ad50914680bc128b6db7a83485fc813d2737eb86b9031
Files
-
0baa84d4b855d23fd66ad50914680bc128b6db7a83485fc813d2737eb86b9031.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 60KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.g Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.qhw Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE