Behavioral task
behavioral1
Sample
f069c599fb95c28f7f92c4ecd5a7472efa44471f8d38ec6628b116d8518e5d3f.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
f069c599fb95c28f7f92c4ecd5a7472efa44471f8d38ec6628b116d8518e5d3f.exe
Resource
win10v2004-20240611-en
General
-
Target
f069c599fb95c28f7f92c4ecd5a7472efa44471f8d38ec6628b116d8518e5d3f.exe
-
Size
10.4MB
-
MD5
806b4399e2524e0c38ea076a4f5c4154
-
SHA1
0e133677799df2506404dc4b6e992179bdbe9f3f
-
SHA256
f069c599fb95c28f7f92c4ecd5a7472efa44471f8d38ec6628b116d8518e5d3f
-
SHA512
1d60fc9940e96efb0d8a1c8bede83842872fb981f4c3b8c7b74c38ca18c9ada92ea8262967128c951c1543a11f585244c6d45bc41ef8292a015036d651b8bc0b
-
SSDEEP
196608:KaUo1YyjJpXQlXZMJ0MowNZYx4S0BVoKLBFSlMDqAu7/1f6b+QFH2m5Yn10Cd:Kto1YaXQlXZw0M3zYy1oKDSlMLu7Ne/Q
Malware Config
Signatures
-
UPX dump on OEP (original entry point) 1 IoCs
Processes:
resource yara_rule sample UPX -
Processes:
resource yara_rule sample upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource f069c599fb95c28f7f92c4ecd5a7472efa44471f8d38ec6628b116d8518e5d3f.exe
Files
-
f069c599fb95c28f7f92c4ecd5a7472efa44471f8d38ec6628b116d8518e5d3f.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 1.9MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 10.4MB - Virtual size: 10.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE