Advanced Defender[.]exe | Triage

Resubmissions

09/09/2024, 08:35

240909-khbs7azblr 3

09/09/2024, 08:34

240909-kgyxbszbkr 3

Sharing

Copy URL Twitter E-mail

General

Target

Advanced Defender.exe
Size

1.2MB
MD5

f1fb04ed2c89d81fbd8c8d4a1247f27a
SHA1

38d0e6a193f210adbd6f10322ef07dfc48d3d8e1
SHA256

8f45906b602934bd42ce6c8811e744afd7f24448bce3e9a6e2b50bce6d85a43b
SHA512

f23fd8b7e4033acf1806ec3be30bc8dfecbca08251e30656f7e8cce2823d275f4fe8322ae2845e0b504a4dc60982c3c3aa56eeaa0c9a6bea86c1e54a672ee84a
SSDEEP

24576:xdvrl3MhAwRpcF3UVVbdPt3Up+geuI461E8hmdZnsNyCC0re2S:LvW1K3U7JVgdeRJ1E8hOnsA0y2S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Advanced Defender.exe

Files

Advanced Defender.exe
.exe windows:4 windows x86 arch:x86

307b7c38293e0238cc18aac5fe10cf32

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
VirtualProtect
GetModuleHandleA
ExitProcess
SetConsoleScreenBufferSize
Heap32ListFirst
GetLastError

advapi32

AdjustTokenGroups

Exports

Exports

Rvrerdlvljh
EndHfljiwg

Sections

.text
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.jdata1
Size: 16B - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.1MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.inull
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ