Static task
static1
Behavioral task
behavioral1
Sample
0f5c4151985cf4253b982f9c7719ae75be12897fe6c41d63cd4836c00c1fd0e7.exe
Resource
win7-20240508-en
General
Target: 0f5c4151985cf4253b982f9c7719ae75be12897fe6c41d63cd4836c00c1fd0e7
Size: 2.3MB
MD5: 8fa2f667ffe5c752120f557689b06e28
SHA1: e2e526d96d606a0d1f35415469c72243de47790f
SHA256: 0f5c4151985cf4253b982f9c7719ae75be12897fe6c41d63cd4836c00c1fd0e7
SHA512: acf6c6ac55aa0a6da3cce39ecc90bb47f9bd81dba4d241bf746614c4b7b062526d7b9a326cb92c17a2ca0fc1d8511a8c13a3ad84142eae46b72e214d53bfcf75
SSDEEP: 49152:MXPKgCmELanaLLez6EFFfSUOR++hH4N8SpitYwdJaO0p7UoOj4C:MCvmY7SzHFFfAhH42tYwFoOj4
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 0f5c4151985cf4253b982f9c7719ae75be12897fe6c41d63cd4836c00c1fd0e7
Files
0f5c4151985cf4253b982f9c7719ae75be12897fe6c41d63cd4836c00c1fd0e7.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Exports
Sections
Size: 41KB - Virtual size: 108KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 16KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 1024B - Virtual size: 2.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 8KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 202KB - Virtual size: 7.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE