Static task
static1
Behavioral task
behavioral1
Sample
f8fb11582d89eceb099be971266172a0bc9033d350d5343f09436063adfb3ad7.exe
Resource
win7-20240221-en
General
Target
f8fb11582d89eceb099be971266172a0bc9033d350d5343f09436063adfb3ad7
Size
3.2MB
MD5
e9ed2adca7e63a58d0895179fc1e121f
SHA1
ae23767acd8d4a88b7c69d84e4df5f9733653662
SHA256
f8fb11582d89eceb099be971266172a0bc9033d350d5343f09436063adfb3ad7
SHA512
7fc5de0e2d85c85592ff935faa5ffa10e33615c8b2d274d28c322764706c2847ee40a9f15c3867cf278981fe2ac3778cbb9b3bd400f6c4064691f9c7c9ff51b0
SSDEEP
98304:visDo5sRzG+RVgbtHSB2MqlcY+kd4204+N1o:6uRq+8btHSdA/N
Malware Config
Signatures
Detects .NET executables utilizing NyanX-CAT C# Loader 1 IoCs
Processes:
resource yara_rule sample INDICATOR_EXE_Packed_NyanXCat_CSharpLoader -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource f8fb11582d89eceb099be971266172a0bc9033d350d5343f09436063adfb3ad7
Files
f8fb11582d89eceb099be971266172a0bc9033d350d5343f09436063adfb3ad7.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 3.2MB - Virtual size: 3.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 25KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ