Static task
static1
General
Target: 240630-mqf4zswfne_pw_infected.zip
Size: 1.8MB
MD5: 7b94a3c692eac925e2e2c774cdd3f346
SHA1: 696d500c94dc93b0c44a3329c26f575639a11cff
SHA256: 709d85d60d378cd15b7753ef5978ce64a2b7402e77acddcbc59346828777e45f
SHA512: aa1cd750de5cbae9b13be96adb0856e108791974c2b1e9b38bbdfdfd2a9e83aa13b3a62416bde9392df5e59a8c93c6bde2df0d3a374e6f8539f4b2938bd0c229
SSDEEP: 49152:D/2VbRev5LqI2+3N2QUT/Y/Tf3QhI6/RK1HL:DeR+LL2SzctC6/RoL
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack002/585dad4590d9a7722a93434b59d8c37a5d21ff9deb0d5fff0b242d8b8268db98
Files
240630-mqf4zswfne_pw_infected.zip.zip
Password: infected
240630-mfzhkswelc_pw_infected.zip.zip
Password: infected
585dad4590d9a7722a93434b59d8c37a5d21ff9deb0d5fff0b242d8b8268db98.exe windows:6 windows x86 arch:x86
Password: infected
2eabe9054cad5152567f0699947a2c5b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrcpy
Sections
Size: 183KB - Virtual size: 416KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 512B - Virtual size: 2.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
budclcol Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
zhdybbps Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.taggant Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE