C:\Users\matt\Downloads\ForceAdmin-main\obj\Release\net472\win-x64\release.pdb
Static task: static1
Behavioral task: behavioral1
Sample: sample.zip
Resource: win7-20240903-en
General
Target: sample.zip
Size: 302KB
MD5: 9e8a086ef12dda4f5e4bca642526fce6
SHA1: 60ee913f968da1db1274cd51a3438523123232f4
SHA256: 90a5459c95036aace6e45f9357ad5577ba1265a5a18cbe8e1094726b5299fae5
SHA512: 83bbd190667aae5c9a2c01087457ae63227dff3ada7e459223198f95d68ff85b499ee3668c87380ff16d866d8e4d0e30d7105bffec0f368c3a46db74c07e01cb
SSDEEP: 6144:tMqXFIbKXyoc5NwK9RscAVGwNvb/Trn6yj14y0nj7IUto8u9iEOv7J1B47m7oQ7:i0FZcfweRscbwN7TrnV1Ij7f1YiEOVLL
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/sample/ForceAdmin.exe
Files
sample.zip.zip
sample/ForceAdmin.exe.exe windows:4 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Sections
.text Size: 307KB - Virtual size: 307KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
sample/dropper.bat.bat .vbs