Static task
static1
Behavioral task
behavioral1
Sample
cXPFfk0pBp7bEsb.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
cXPFfk0pBp7bEsb.exe
Resource
win10v2004-20240419-en
General
-
Target
16837819264.zip
-
Size
648KB
-
MD5
486884fb1c1bd0c002fe0ae5a1684fd0
-
SHA1
7323aeab0130ca88bcc97d8cbb9a7e74a383dc65
-
SHA256
72fc32877f951da6163a0ed85db7c02fb9e41112da8be513229575f9c312eb34
-
SHA512
8a4725d615f3533503ff19d4699ba68f0f1baef784e6ffb1f52612c67b1105492dd7daf4e7742051c88b2c0de89bfb789d2346c297eaf8062a6b9f862cdd64e4
-
SSDEEP
12288:xmvGJ1sb6bpkWtGHIgc6cFcS8bmk/7vqcrkyztpesklktvO47OVOpfQm83Fn:xE8uIpkWMHIg5cSP/7vqsZklCvO5VOAh
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack003/cXPFfk0pBp7bEsb.pif
Files
-
16837819264.zip.zip
Password: infected
-
a6ebe5502b666ef55ff9dc168ce6c2e7cd72ee350b9d526713cef91b779afe9d.iso
Password: infected
-
out.iso.iso
Password: infected
-
cXPFfk0pBp7bEsb.pif.exe windows:4 windows x86 arch:x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 662KB - Virtual size: 662KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ