Threat Intelligence
File Type
lhdfrgui.exe (WannaCry dropper)
|
24d004a104d4d54034dbcffc2a4b19a
11f39008a575aa614ea04703480b1022c
|
3.55 MB (3723264 bytes)
|
2017-05-12
|
Win32 EXE
|
tasksche.exe (WannaCry cryptor)
|
ed01ebfbc9eb5bbea545af4d01bf5f10
71661840480439c6e5babe8e080e41aa
|
3.35 MB (3514368 bytes)
|
2017-05-12
|
Win32 EXE
|
EXEC.exe
|
1917ec456c371778a32bdd74e113b0
7f33208740327c3cfef268898cbe4efbfe
|
306.50 KB (313856 bytes)
|
2022-04-18
|
Win32 EXE
|
medui.exe
|
719b44d93ab39b4fe6113825349add
fe5bd411b4d25081916561f9c403599e50
|
833.50 KB (853504 bytes)
|
2024-03-27
|
Win32 EXE
|
Prompt
The following is the exact prompt used in all the examples covered in the post. The only exception is the example where the word "disassembled" is used instead of "decompiled" because, as explained, we're working with disassembled code rather than decompiled code to show that Gemini 1.5 Pro can interpret both.
Act as a malware analyst by thoroughly examining this decompiled executable code. Methodically break down each step, focusing keenly on understanding the underlying logic and objective. Your task is to craft a detailed summary that encapsulates the code's behavior, pinpointing any malicious functionality. Start with a verdict (Benign or Malicious), then a list of activities including a list of IOCs if any URLs, created files, registry entries, mutex, network activity, etc.
+[attached decompiled.c.txt sample file]
|
Published: 2024-04-29T14:00:00
Privacy | Terms of Use | Contact Us
