Behavioral task: behavioral1
Sample: dbc962817c3ba3068b3cdff7cac610d0e3386b0a4ef09dfd185f7011668d1f3c.exe
Resource: win7-20240903-en
General
Target: 845de5a60e1412c1b1cf62f94cf55989.zip
Size: 345KB
MD5: f171cc892e6baf0300c65d71933a4341
SHA1: 71b5cd3ae81331e5a3adbcc3964dba8c63d9418f
SHA256: d2b34552103d8be27bc969ee1a53b279396254cffd1742093fbefb25d084f6ca
SHA512: 8a73b8ec0670d7353c52bda70b41116225ed2decc4eb4c8579bdc41f6bb82d7c6873ca0cfc20f7efc2e7a960c5379c76cb975d04c606ffe86659392b670dcc9f
SSDEEP: 6144:EfR+V6mtuvjBDbUSvLi6SLhHKnzcAE4Hhfh/tuvNnie86cKRk7Cv4WZG:0RfmOjBkSvyhHycAE4//tANizGRk+vbG
Malware Config
Signatures
Urelas family
resource yara_rule static1/unpack001/dbc962817c3ba3068b3cdff7cac610d0e3386b0a4ef09dfd185f7011668d1f3c upx
Unsigned PE: 1 IoC
Checks for missing Authenticode signature.
resource unpack001/dbc962817c3ba3068b3cdff7cac610d0e3386b0a4ef09dfd185f7011668d1f3c
Files
845de5a60e1412c1b1cf62f94cf55989.zip.zip
Password: infected
dbc962817c3ba3068b3cdff7cac610d0e3386b0a4ef09dfd185f7011668d1f3c.exe windows:5 windows x86 arch:x86
Password: infected
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Sections
UPX0 Size: 204KB - Virtual size: 224KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 313KB - Virtual size: 316KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.imports Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE