Behavioral task: behavioral1
Sample: cotización.PDF_98776456879808756846576879806765687976457687986764.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: cotización.PDF_98776456879808756846576879806765687976457687986764.exe
Resource: win10v2004-20240802-en
General
Target: 18092024_0101_17092024_cotización.PDF_98776456879808756846576879806765687976457687986764.bz2
Size: 833KB
MD5: 8b6fef19071d62a624c52eaf9b697741
SHA1: 435bc6a4403f492a39970996fc0171bab863e8f4
SHA256: 6d121a6dc5d83a314d50c200a9bb80997585122c770b70f5905de16c550e3824
SHA512: bb067e1a7b86868b61b9dcdd882d62775f9681e48f74de664a25a84314e9d17b485b904f96fc612e60ea9b3c0a41746f990ef9580edd90003f434ad709363743
SSDEEP: 24576:kr/llbDMdvT+mW6RFIwdgNjLex3ShhUYR:k5lENT+QjISgNjLeQnUK
Malware Config
Signatures
resource: static1/unpack001/cotización.PDF_98776456879808756846576879806765687976457687986764.bat
yara_rule: upx
AutoIT Executable 1 IoCs
AutoIT scripts compiled to PE executables.
resource: static1/unpack002/out.upx
yara_rule: autoit_exe
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource: unpack001/cotización.PDF_98776456879808756846576879806765687976457687986764.bat
resource: unpack002/out.upx
Files
18092024_0101_17092024_cotización.PDF_98776456879808756846576879806765687976457687986764.bz2.rar
Password: infected
cotización.PDF_98776456879808756846576879806765687976457687986764.bat.exe windows:5 windows x86 arch:x86
Password: infected
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 472KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 264KB - Virtual size: 268KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 29KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 514KB - Virtual size: 513KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 56KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 26KB - Virtual size: 105KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 37KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ