Static task
static1
Behavioral task
behavioral1
Sample
proformainvoice.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
proformainvoice.exe
Resource
win10v2004-20220414-en
General
Target
99d623f75a541bd87a9d583720ee08b02de86b85c8534c6d36cfd7345b4347da
Size
375KB
MD5
bd40f295fda4b533b9ed1fd0f514ba00
SHA1
1637860c3334c054c4e4f35d5de708871ad9ea56
SHA256
99d623f75a541bd87a9d583720ee08b02de86b85c8534c6d36cfd7345b4347da
SHA512
5cbfdc793e1a41f7bdb09f3b64a88d4b2681e4e4d8670a1fb056c55cb46531b0f142ac6e6ab30d89ab2a151424d7cec409e19a14c7c6c2387b17b3f704287d78
SSDEEP
6144:5gWb3D/j0MMDvbNf+GrdjT9QqfjpC82GICcWFGFCVkj7g6h7NhHfiSOf5vz5veMf:aWb3DYfbNfFBj3I8XICctFCVW0l3XylY
Malware Config
Signatures
CoreCCC Packer 1 IoCs
Detects CoreCCC packer used to load .NET malware.
Processes:
resource yara_rule static1/unpack001/proformainvoice.exe coreccc
Files
99d623f75a541bd87a9d583720ee08b02de86b85c8534c6d36cfd7345b4347da.zip
proformainvoice.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 406KB - Virtual size: 405KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ