Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20240221-en
General
Target: file.exe
Size: 2.4MB
MD5: 8369d155da8c3f7bcea8490d36f2f114
SHA1: 3d7fc15294497e6af579bdf8343eae47a05ae2c2
SHA256: 2ea252fc14bd9190e6a6d57b8f2ecb7870a4eecf01acfbba9d0f698838f03fe8
SHA512: 81afcb035c63110ed2cc845ac77472a54ebb6ecc939d8dcadc9e0640bec1d9914775f16aa113a681d171c0f3ab3ad73bfb7f646796476233b3d7cc867d0aa47a
SSDEEP: 49152:CjwLPhO1wZ6bIIfTzOhrYI+ieeK/DdHIiWShl/hgH/jVwE+D6+eWuI:CjmP4wAbIIfTiz+iz+dDNuH/mW3
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource file.exe
Files
-
file.exe.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Exports
Sections
Size: 41KB - Virtual size: 108KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 16KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 1024B - Virtual size: 2.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 8KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 202KB - Virtual size: 7.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 2.2MB - Virtual size: 2.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE