Behavioral task: behavioral1
Sample: 2012-54-0x0000000000400000-0x0000000000747000-memory.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 2012-54-0x0000000000400000-0x0000000000747000-memory.exe
Resource: win10v2004-20240226-en

General
Target: 2012-54-0x0000000000400000-0x0000000000747000-memory.dmp
Size: 3.3MB
MD5: 17d249e9e7fcdbe84b712f217524b8ce
SHA1: 9feb0cff89e7a2f1a142c0b8b96be01bac0c17b2
SHA256: 8cd3555f2b57aee6a81990f120c933f1eed73a7b935195e0af2fd986215494d5
SHA512: 3fb853ad0ac594ca5b8dec2f217b6568c59f689724f8c183bb47e38e52dd714ea4342f1391f69ab0e7f9fefc7fa71602f740ba2fb9520c930d3d6406b5bf552b
SSDEEP: 49152:UB0tIiOrWHvdG3qkS5t1xdf5k6N21D5MMCC2i2adSv46k1nk/:UaeHrMaNS5DF+Syk/

Malware Config
Extracted
aurora
45.15.157.130:8081

Signatures
Aurora family
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  Processes:
  resource 2012-54-0x0000000000400000-0x0000000000747000-memory.dmp

Files
2012-54-0x0000000000400000-0x0000000000747000-memory.dmp.exe windows:6 windows x86 arch:x86
Headers
DLL Characteristics
  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
  IMAGE_DLLCHARACTERISTICS_NX_COMPAT
  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_32BIT_MACHINE
  IMAGE_FILE_DEBUG_STRIPPED
Sections
.text Size: 1.6MB - Virtual size: 1.6MB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata Size: 1.1MB - Virtual size: 1.1MB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.data Size: 286KB - Virtual size: 472KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.idata Size: 1024B - Virtual size: 988B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.reloc Size: 70KB - Virtual size: 69KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_READ
.symtab Size: 512B - Virtual size: 4B
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_READ