Static task
static1
Behavioral task
behavioral1
Sample
f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
Resource
win10v2004-20240611-en
General
-
Target
f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5
-
Size
268KB
-
MD5
bbc3340f9a97710f3e61748478e8e71f
-
SHA1
2d2d625853b96838e1e226cb72afaf70be8edb83
-
SHA256
f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5
-
SHA512
e58413a14d8428f771f0625f28c006c96a71e270557b404aa9a8955d5f403724ebafde3e337f749833f434413abfc357d9683cd3c639773efa08e9a125cb5679
-
SSDEEP
6144:dXC4vgmhbIxs3NBRdMCmAvl7hCLYCaoHB3RehIuvynXyLqEwK6/eHL:dXCNi9BwNI/UBBL7ymLJc
Malware Config
Signatures
-
Detects executables containing possible sandbox analysis VM usernames 1 IoCs
Processes:
resource yara_rule sample INDICATOR_SUSPICIOUS_EXE_SandboxUserNames -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5
Files
-
f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE