Static task
static1
Behavioral task
behavioral1
Sample
2a79a215c4062fcdba530ef193c18671f38c5e2f87bc55270e77f8621dbf3573.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2a79a215c4062fcdba530ef193c18671f38c5e2f87bc55270e77f8621dbf3573.exe
Resource
win10v2004-20240419-en
General
-
Target
2a79a215c4062fcdba530ef193c18671f38c5e2f87bc55270e77f8621dbf3573
-
Size
316KB
-
MD5
7a983e05228617eb59e2583a99c011f0
-
SHA1
a76c01acb530654e3c2007d6ab56361fea06773f
-
SHA256
2a79a215c4062fcdba530ef193c18671f38c5e2f87bc55270e77f8621dbf3573
-
SHA512
ee76d466a474364c9692878236ec9c6e86c44af7192f25efeded774993a9c932853caca44c24974cedd5bc55a9d97b5f15a9fd06e05418ae4aa9037bc14d54f9
-
SSDEEP
6144:9rTfUHeeSKOS9ccFKk3Y9t9YTcPeLFZhTgp:9n8yN0Mr8TcPehrMp
Malware Config
Signatures
-
UPX dump on OEP (original entry point) 1 IoCs
Processes:
resource yara_rule sample UPX -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 2a79a215c4062fcdba530ef193c18671f38c5e2f87bc55270e77f8621dbf3573
Files
-
2a79a215c4062fcdba530ef193c18671f38c5e2f87bc55270e77f8621dbf3573.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
FKP0 Size: - Virtual size: 18.4MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
FKP1 Size: 203KB - Virtual size: 204KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 7KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE