Static task: static1
Behavioral task: behavioral1
Sample: Po-5865A.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: Po-5865A.exe
Resource: win10v2004-20241007-en
General
Target: 09e6fd65-9691-4eb8-e6f7-08dd0dce4a80.gz
Size: 240KB
MD5: 433eab0a6440defff2889c24164ec8af
SHA1: 5c98180cd51bf285782bcd27e4e4e6efff584089
SHA256: 449b00d6aca53af24c348bcc96efc782ab99222a23abc9f15b4e4dd08844b802
SHA512: 015cffafd99d48eba181df9a724825915642b749ba0e7b37c88734b7882d00ce1ee88dbf98201503ee4b36e012ed92c4277afd2c4c0c78540b2a3614ae3d69b3
SSDEEP: 6144:15hhojmSGOAIeI/iLgKHlDiSWEXAD0lYE1qDR5oRq8l:nhSjqOfeUi1dVXAoYE1qDRCRq6
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/Po-5865A.exe
Files
09e6fd65-9691-4eb8-e6f7-08dd0dce4a80.gz.gz
Po-5865A.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 370KB - Virtual size: 369KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ