Static task: static1
Behavioral task: behavioral1
Sample: fcc3957da664d8621f4fab9ec0cb8747738f021f9d067fb61bd3de3ebe0c8260.exe
Resource: win7-20240611-en
General
Target: fcc3957da664d8621f4fab9ec0cb8747738f021f9d067fb61bd3de3ebe0c8260
Size: 73KB
MD5: 0b3aad021c947644e20d5741c7149383
SHA1: 8ecd2231171ca1c938930355230ac1d81d27c093
SHA256: fcc3957da664d8621f4fab9ec0cb8747738f021f9d067fb61bd3de3ebe0c8260
SHA512: f2eb79b07a85df923c4fdd8c97930ee8c1e586b3f6ba880b016980adf811b7cda817a511fc8430a925b0f5a1f642840136dbb116b13da9c02d2710285404d76f
SSDEEP: 1536:G1ioBYUcEtGib8QjvG0DJsvw3yNK4FScNT7xvlZY3Go78lcd:AMEtBJG0DWvw3eK4Ic9lZY3Go73d
Malware Config
Signatures
Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality (1 IoC)
Processes:
resource: sample
yara_rule: INDICATOR_EXE_Packed_SimplePolyEngine
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Processes:
resource: fcc3957da664d8621f4fab9ec0cb8747738f021f9d067fb61bd3de3ebe0c8260
Files
fcc3957da664d8621f4fab9ec0cb8747738f021f9d067fb61bd3de3ebe0c8260.exe windows:4 windows x86 arch:x86
14610dd0ebbc796a9a3a2ba2cdd24e79
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ExitProcess
user32
MessageBoxW
Sections
.text Size: 72KB - Virtual size: 76KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE