Behavioral task
behavioral1
Sample
fd9725ecc7ed625c2174660e7f51f647fff9474f4c21c8ed84e0608bbcc5a409.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
fd9725ecc7ed625c2174660e7f51f647fff9474f4c21c8ed84e0608bbcc5a409.exe
Resource
win10v2004-20240802-en
General
-
Target
d6f99a0cc11e32ea897bc97a319748ab.bin
-
Size
558KB
-
MD5
29a360e330aad66b2b5b4947a973e699
-
SHA1
ce5da037244430628d3d5317cef75edf5d6221a0
-
SHA256
455649189a1cfad01fcbb626a27061c25c610851c80d74e527dfbbf29617b553
-
SHA512
e97ca4c5a68bdbe49524b4aadfa87783c9bc08c1c2adfd67da46e6043367479a2d6a0c60303aa8f275a0b0cfbe16c0dd14f49477e1dcb5184038820b5d5a0bce
-
SSDEEP
12288:cUp5dfk+oxbYT5MH6dVOI/XkJyC3xl1Zblikqt2iLrMmcUCME7ErJI:coDfkT8TKoOE0/znYkqt2iLN4AI
Malware Config
Signatures
-
resource yara_rule static1/unpack001/fd9725ecc7ed625c2174660e7f51f647fff9474f4c21c8ed84e0608bbcc5a409.exe upx -
AutoIT Executable 1 IoCs
AutoIT scripts compiled to PE executables.
resource yara_rule static1/unpack002/out.upx autoit_exe -
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource unpack001/fd9725ecc7ed625c2174660e7f51f647fff9474f4c21c8ed84e0608bbcc5a409.exe unpack002/out.upx
Files
-
d6f99a0cc11e32ea897bc97a319748ab.bin.zip
Password: infected
-
fd9725ecc7ed625c2174660e7f51f647fff9474f4c21c8ed84e0608bbcc5a409.exe.exe windows:5 windows x86 arch:x86
Password: infected
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 768KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 337KB - Virtual size: 340KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 245KB - Virtual size: 248KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 560KB - Virtual size: 559KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 178KB - Virtual size: 177KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 253KB - Virtual size: 252KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ