General

  • Target

    System32.exe

  • Size

    3.0MB

  • MD5

    e3bff589ddc242382d4c2bed7b148036

  • SHA1

    bb446839b08ac9a65582af2ef2619ddc0aefae19

  • SHA256

    fd89e744de4dfbedbdead51a0dafd5bf3e2722f361509abf2446e2a36482375a

  • SHA512

    e7caa6eee3524f952ccc51a7c7a372d6e4ee050b7d29a6d3a7b138556f3c2c558db0f801347ec1193840829e8050acbebe4a407007706fdb367418d476e80611

  • SSDEEP

    49152:oGnGJEZOIGB5E9308K6YW2qiTo+pWswnrqkqXfd+/9ATrgBWBKH8jkDVFCNXODzr:oGnGH1KBJ2RoqWTnrqkqXf0F9+KH4kp5

Score
10/10

Malware Config

Signatures

  • Contains code to disable Windows Defender (1 IoC)

    A .NET executable tasked with disabling Windows Defender capabilities such as real-time monitoring, blocking at first seen, etc.

  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • System32.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

