ziLd.pdb
Static task
static1
Behavioral task
behavioral1
Sample
FDA50N50 ONESMI _10000.exe
Resource
win7-20240903-en
General
-
Target
FDA50N50 ONESMI _10000.exe
-
Size
496KB
-
MD5
fa439f9a3a801f167e9bfce0c28e97ac
-
SHA1
607b7c6aeef7d310c14c59bb0b1c7f3c77d1a481
-
SHA256
fc05c8cd30f572b0db13bc5189c99ce499f133f7b65167c06518638c26623a81
-
SHA512
a10348bf3b54161470bdc5e50aa56087ba7f9170666c44bc3139bff985f6a034ed004fb389a02c07958f7370639aea84d2f3b7004bb2553c8852f9e7aac822c3
-
SSDEEP
12288:xH0nsDsfvMZ2sWBNkdNyfsOV+qcX8oeLPkpDVTlUVm:xUnL3y+Oy0OV+PYkphlUV
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource FDA50N50 ONESMI _10000.exe
Files
-
FDA50N50 ONESMI _10000.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 494KB - Virtual size: 493KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ