Behavioral task
behavioral1
Sample
72bccd1021a425fdbf2f6fd8cc131b647f1a8ea910913ea4d06147a6628d1afc.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
72bccd1021a425fdbf2f6fd8cc131b647f1a8ea910913ea4d06147a6628d1afc.exe
Resource
win10v2004-20240508-en
General
-
Target
72bccd1021a425fdbf2f6fd8cc131b647f1a8ea910913ea4d06147a6628d1afc
-
Size
38KB
-
MD5
023c7372d93820a978adefb4e7846132
-
SHA1
501de7d77cbbc23139e7257f2728bde968d6022f
-
SHA256
72bccd1021a425fdbf2f6fd8cc131b647f1a8ea910913ea4d06147a6628d1afc
-
SHA512
c40bd5210fd3d3713f671ea2117f36b47a7b454a95a755e1b3ae8951e5d8869266e2ca0149bc586f6bd2bb6c515e700a08e8d97e3819a67cff06dd73701bebea
-
SSDEEP
768:bJL6GZ3qFFt1tjuLZIiZs3fArWs6adCFmbDE:D3qdLBiZs3fAUa3
Malware Config
Signatures
-
Ramnit family
-
UPX dump on OEP (original entry point) 1 IoCs
Processes:
resource yara_rule sample UPX -
Processes:
resource yara_rule sample upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 72bccd1021a425fdbf2f6fd8cc131b647f1a8ea910913ea4d06147a6628d1afc
Files
-
72bccd1021a425fdbf2f6fd8cc131b647f1a8ea910913ea4d06147a6628d1afc.exe .vbs windows:4 windows x86 arch:x86 polyglot
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 64KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
UPX1 Size: 35KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE