�5 M��3�Y��9kfL�/A�&�(%̖-�f� �!��[�Tk�_ۢ�<��u:�]83$.-F������,��$ �[5��@�N��;m؛�a�znS�Z�Z�h:T�u P ��[{���wwG���B5�H ��t�Z$<�j�e+��Ui1̭#�2t\!ZO���]����{� ����R�͚���EnD��9����G� �v�m_�d_O�6ECop]D$������ci�HN�5SAϷ����ݲs�T�'n70�Y\oktخ��~�R�R�+�,)8ӏ7Ov��=�甠�a]G���qdմ��48d�5���A�][ܭ٩�0FY3R�b+��2�_��M]���\��$����@�M�s�K߄wZ�2Y��[� >&oQ|�P����/C����o�n?�,x)A�@1t���I���>Lmu��W[��a^�Y���I�����|��vu�Q�Q��h�DYN�<:�Qu:��!�z���qJ����0����ͯ��;� ���A����C`-����a֠}Ȭـ�~E2%d�e�̜�䤧)��\ ������A�����9��`�lN�v� �VLO^�7?�/�njX��L���,|�-�.��{�(Pu��~?�&��Y& mZ�Y�<�0On:.x��>��-��WU�ܡN�FA��4%����H1!![`��mV+���K�F�~[��D��������������k���On�b2������x����h�0S=P(�id����ӿ�45��@8���S�(�TهF��F�fX���-�Ca̛YS����΅pl�ŗ�k>�S�i�\X�D��)��\x}EhD9;���_h��i�/�ӊ[���SBp�U�h�����6z�A�J���c�6�Zt�m���������AȀMU���rR�lrh�a��[�rif��n;Kwy��6��F�����P��R�����ni�cB��4^h��8ڿ��yW��#f���ء�脏�(qO��z�<C;�X�4���ʤk��v�-^����? �G-Ew į��gN���PҰ���������G)<]�W�C�.?a���u��$��M]�L���B��!Kd����pQ���U�fw� ,�$��i�'��.���ծ�,KI���y�ybn�:�ƾ�Ȩ�S�5��=Һ��F��[�B��5��x�F��������4�s�����R�Ef��$-�y��)�Q�䉟;v ʞI�S��5��F:b�����£)�`c�j���Q q(�:\�0#�S�"F�!�s�����@�R��,�B} 液����@x7,O�'��̴�q�@�r� }����"��}�{Y��ʁ�$UD�����a��U��X�����CO�O��E������ڰ ��;���H ��V�-�:&0?�� )����q��fe� B8��Ч� ��B�~��+�P��:���ZW�W�����E6�RK�Ҹ� z���B�I���K� �?�H�¹����ߋ�v�#�P�YxzV1��� P�=��>Q"�z�$��U���"�lb/�K'u ����\O _v ����+�fe�cqQ@�3'���/n��qG�ٰ���ꏾ}�������Ԛ�-���!o��l��h^P?���P��n��*�#6c�+'_/�$qDx���٦*�D��\Pj]RQ���i[�h�e`Ot�����o,���{ ;m�ڲJT�\y�`����_��Q��3��j��h�0^Cm`��pn�����.}FQ�f�F���1j���'���?.l� ݉��WK d���!�!�k�g v0^��Ï�Q4��YlT��k)����ĒaLk�!>%��o(W��+�g��ʵ�J,>�����j�Y��Ӭx����!W�B>�t��p�U�aܖ�Q�X@$y�ߟ�,�K�ͯdٺ���OSgx� ����#���Uq_�P��wꝜ���`"ڠӽSk����2~8��n��l�����Ȱ��D�X6���y���V8����M�n�HF���RG=�*1�1 ��&K�"q�U� ?��:���k ��x6M�;6>=��wA:�Ӣ0���cy^H �VO�Kb�>������)S�lr4��Q?mҤ�5ɝ�.���J�/���(!�}��e��5"�~%>�ف/w���j���0d�^�"A��F�\�Bڞ�R�:�Ӫ�2D.:�Դ��H�U0���)������ ����Ď������c�|�|�痢��z�~�9�Ɵ%�{f�����ul0dx�0����m�_��"�nKRejp�Wֻ�Ď�v�.��t�|�\S�&�����r1T �i�[W�Wsr 
�����_�82�a�֜�q��X��U�j)�`I���d.cܱ�w���lA�ӫ�ly��`�v�x���xa�X��;�{��S�����V�Z�ƴ�T �^�y dJ ���4���P�F�D��ck9��(�E�BfM�b���O�c���r��ˀN�����rhȀ��i˭� ��ȴB(�����sl��Ɲ����l����� ��?��*"[[<|[����5�{Z� 7ft�!/��m#��.k�̅�a��l(���;����H ^J̆hY�Zoڿ��N��-��v��#�<OfY�1��`P����SI� �~q"�x�f@��!�*�����a��z��>�M(�C� ���<�������%z���ۡ��X�r�i*ՖwǏ$@�4߽OՍ}J5���^�fG��" �ԋ,x��M� b�N�r��=ׁ���������W� ç�|���S��g�ós?�xU�5���M�`���_H�Nt�?����m@i��m�h@�-�KC]��KJ¨*�5�����:�8�:y~�l��\�tJ�P[��c���� H[CO�L���m �y8��"LCG��˟h�q����� *���&�� U��bNǃ�_ Q �p��� >�')n�Ojl�:�֩�9�/o���[����T����U̕|�W��e�|3EU�A<�'n���Yv��n���7$H� >*]G�MC \L>&}��8�-(wx�,qR�"gZ8|�m��� ��~�6����'o�����S��R�0@��&s��y������M���"�*2��g���>/U��pa 2��[<7� ���JƧ䍮f�f�}.;�E��3��t��>AB���h0Ba�����iMV�]fM��7�)�9�����P�A�LDT�Q�����t�:xb,}��H��b���GoZ���w���j��h|g��Y���zbHk ���,��|�mia�>����|f���vo�� A)��~�6�뛡w��L�HwF A_�"�qt2� ��,&sW}�o�`ZK�lͰv�ƶL�W�_˦A��8L�*_�E_:boJ'�4�BU� LF�Ыŵ��#v������������ �:�(킩C��jdZK|T $�J���'I�Uߡ���,� �bM#Z��G��4�����2�p�A���Q�e�w��U�JFZzFR#&�a���Es��@�]=I+]���~`LEj�Y0�{���r���r�S+��{vz_�3����c�ZX� ��:����h�-�D�T �U�/�e�\�DW ީ(~w��w3X�` "���>_9�"�s������̓��S�3�<M+\Jġ��1@Wd.����
Static task
static1
Behavioral task
behavioral1
Sample
f84db64409fb5faf6d474199daac5910ec3d83d1ad7e72d129da19bf79f1c1ba.exe
Resource
win10v2004-20240426-en
General
-
Target
f84db64409fb5faf6d474199daac5910ec3d83d1ad7e72d129da19bf79f1c1ba
-
Size
3.0MB
-
MD5
43d39911a77382a8190c7ca7f28e68c0
-
SHA1
56237f5c9a7364ec06a27fd151fc52bcdbb07e82
-
SHA256
f84db64409fb5faf6d474199daac5910ec3d83d1ad7e72d129da19bf79f1c1ba
-
SHA512
76bc65c42c7ee903162e186e7e6fb6bc0c0773b7b57471166159c378ead5ad6f79b7ebfe6583e753261e1b8cc9ec134385b16e097a8092ed4ec1e2a55d200c13
-
SSDEEP
98304:XpP1MQQ+/c0J6ExDFcnaZEkeOVfgzxtY:XpNMyJldWaZEk/Vfgzx
Malware Config
Signatures
-
Unsigned PE 1 IoCs
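Checks for a missing Authenticode signature. The sample carries none; taken alone this is a weak indicator, since many legitimate executables are also unsigned.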
resource f84db64409fb5faf6d474199daac5910ec3d83d1ad7e72d129da19bf79f1c1ba
Files
-
f84db64409fb5faf6d474199daac5910ec3d83d1ad7e72d129da19bf79f1c1ba.exe windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Exports
Exports
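Sections
Note: apart from .rsrc, every section listed below is flagged both writable and executable, and most are shown without a name. This layout is commonly produced by packers and protectors, so static strings and imports may not reflect what the unpacked code does.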
Size: 586KB - Virtual size: 1.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 64KB - Virtual size: 160KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 2KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 24KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 44KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 202KB - Virtual size: 7.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE