Behavioral task
behavioral1
Sample
2d79b32c557859bdc5d14460d8e978ab5a4aa6443221480679be130c7c3af240.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
2d79b32c557859bdc5d14460d8e978ab5a4aa6443221480679be130c7c3af240.exe
Resource
win10v2004-20240611-en
General
-
Target
2d79b32c557859bdc5d14460d8e978ab5a4aa6443221480679be130c7c3af240
-
Size
15.8MB
-
MD5
caf3e0a6d2c5daeec96c70178511041b
-
SHA1
1ca61232d94b4b0d8f29f48b28e64ba8c15b4e31
-
SHA256
2d79b32c557859bdc5d14460d8e978ab5a4aa6443221480679be130c7c3af240
-
SHA512
d1519463baa1866b1ab2773e96c6fd0ad79acb147e9adfbd8fe1745c74a54c858c405f97866ff9b23c5f2e72bc35817fe7d400f2b0874c1eb514f9ba03487723
-
SSDEEP
393216:IRiTCCHS4y0WyNUHKoc8tQsvcsM+o4YkSbOTByWR:ciTp7yx9Hpc8astK7OIU
Malware Config
Signatures
-
Blackguard family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2d79b32c557859bdc5d14460d8e978ab5a4aa6443221480679be130c7c3af240
Files
-
2d79b32c557859bdc5d14460d8e978ab5a4aa6443221480679be130c7c3af240.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 15.6MB - Virtual size: 15.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 262KB - Virtual size: 261KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ