General

  • Target

    193469583b38ba42e566518b6ca0ce67.zip

  • Size

    63KB

  • MD5

    1f5674696eeba297b53d237997b10dfb

  • SHA1

    09092b701057c670bb00a9dfc039c498bf5ec12d

  • SHA256

    dae810e81086c456fc0b372289e6e3df4c7df585b20b2d0d3ab7019309589392

  • SHA512

    2cc87a7edbc7dac5395eaa1de083538a83beb9a693c4fb05e4f8b2103105f82da3564cd069979f569b7e15c904696f4caacb5a36b81dca032fb508c5a3991f20

  • SSDEEP

    1536:Wwx/224tcJJOJ0x7p4kL+dPLWO1LdOgloUipyR08cVQqb:Wwx+2EcJJ/cP/1LP508Xa

Score
10/10

Malware Config

Signatures

  • Contains code to disable Windows Defender (1 IoC)

    A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

  • Beds Protector Packer (1 IoC)

    Detects Beds Protector packer used to load .NET malware.

  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 193469583b38ba42e566518b6ca0ce67.zip
    .zip

    Password: infected

  • b39a5e870ecc4b14df15bee9ed96bcdced834c9128df7d00ce8a44870644353f
    .exe windows:4 windows x86 arch:x86

    Password: infected

    f34d5f2d4577ed6d9ceec516c1f5a744

