Static task
static1
General
-
Target
870cdf639a6dd069bac616b77b0cb1a7.bin
-
Size
1.8MB
-
MD5
5957284d2caffe563757e64d89d8154c
-
SHA1
d6d0488a77b5714d466d8bcc3429dc756be154e0
-
SHA256
ea8797f6bf9eef153945b926ac7a1a82caae9eac7e20dbdbb3738f072fc80926
-
SHA512
b495e042b200603b25678713cd3566f6a0a5a992905799e65ff5ab54d7343f221e9cbcd0f8ef26af269c9aa31eb3b434d7f063db04ae5523fb10956d5f81f6a7
-
SSDEEP
49152:OXGBK6tLz5SYZL5Qa5GQT2BUNioNju7UsF4b500a2FRAY:OWN5n5QaJ2WjeUsFWHhr
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/69ca3ddf71a6496576e5730364dc2f8bef8a54b78538fa4c1c38b9f64f19890b.exe
Files
-
870cdf639a6dd069bac616b77b0cb1a7.bin.zip
Password: infected
-
69ca3ddf71a6496576e5730364dc2f8bef8a54b78538fa4c1c38b9f64f19890b.exe.exe windows:6 windows x86 arch:x86
Password: infected
2eabe9054cad5152567f0699947a2c5b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrcpy
Sections
Size: 183KB - Virtual size: 408KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 512B - Virtual size: 2.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
dgmfmfct Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
mheltris Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.taggant Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE