Behavioral task: behavioral1
Sample: bf39cab0316d955f9390d32d9fcefc6c665969c3ce63f018d09a8fe5015a998f.exe
Resource: win7-20240508-en
General
Target: bf39cab0316d955f9390d32d9fcefc6c665969c3ce63f018d09a8fe5015a998f
Size: 1.8MB
MD5: b399ade4ccfa214269bb946c2429adbf
SHA1: 327ec0d492593bfa5e4ae55ad86187e105578bba
SHA256: bf39cab0316d955f9390d32d9fcefc6c665969c3ce63f018d09a8fe5015a998f
SHA512: 905c1cef696408872e0e354f10402f7871f1cb4a2711f8e6c47efbd6e43971c0f8cada6675a077b5efe8b209b911959a1e7e5cef54381983ea9188b127db91fd
SSDEEP: 49152:jVDpjoTCTtlc29kOipHZzqTlbKAwqJXmSwSi:pDpXTtd9kTpHcoAw/Swp
Malware Config
Signatures
Amadey family
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
Processes:
resource bf39cab0316d955f9390d32d9fcefc6c665969c3ce63f018d09a8fe5015a998f
Files
bf39cab0316d955f9390d32d9fcefc6c665969c3ce63f018d09a8fe5015a998f.exe windows:6 windows x86 arch:x86
2eabe9054cad5152567f0699947a2c5b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrcpy
Sections
Size: 182KB - Virtual size: 408KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 512B - Virtual size: 2.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
zwvqdoqh Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
oyowmqkw Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.taggant Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE