Behavioral task: behavioral1
Sample: 68f3bf5dd667a67b986f0831811ee9dbe9ad372e54e5566cd09fb76d84d08186.dll
Resource: win10v2004-20240508-en
General
Target: 68f3bf5dd667a67b986f0831811ee9dbe9ad372e54e5566cd09fb76d84d08186.dll
Size: 42.4MB
MD5: c498e1267a56d45eaf265e4c892ae879
SHA1: 1b796f14bb72c26998275c11643a3ffb6fed4d2d
SHA256: 68f3bf5dd667a67b986f0831811ee9dbe9ad372e54e5566cd09fb76d84d08186
SHA512: a71b426d3681c4f7f079e2f847f6d1dc30fd7c746dea3580be0bb2a1a8198895dca7ff2d93325ead83e265b89534282def886106b4fe526a3d18470c81f016f4
SSDEEP: 393216:cBkHQAgLm3eYXcR4Gx8j7p17dSfqAUiNavFFLCrfsonAc+y87Wn:c7yBcipAUP9MdAcv8y
Malware Config
Signatures
Guloader family
Guloader payload 1 IoCs
resource yara_rule sample family_guloader -
resource yara_rule sample m00nd3v_logger -
M00nd3v_logger family
HTTP links in PDF interactive object 1 IoCs
Detects HTTP links in interactive objects within PDF files.
resource yara_rule sample pdf_with_link_action -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 68f3bf5dd667a67b986f0831811ee9dbe9ad372e54e5566cd09fb76d84d08186.dll
Files
68f3bf5dd667a67b986f0831811ee9dbe9ad372e54e5566cd09fb76d84d08186.dll.dll windows:10 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Sections
.rdata Size: 512B - Virtual size: 112B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 42.4MB - Virtual size: 42.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ