Static task
static1
Behavioral task
behavioral1
Sample
swift message.exe
Resource
win7-20220414-en
General
Target: 58f504cc1df08a7184980c8b795e0fb96994d9c396e6e5f957f627ab044b4c16
Size: 169KB
MD5: 433efe7d94d05c6b154e192924717de0
SHA1: d01cb136a270f5309a9e339acdcebcb26ceea74b
SHA256: 58f504cc1df08a7184980c8b795e0fb96994d9c396e6e5f957f627ab044b4c16
SHA512: ad2f7dff82ca8981d3dccd8c29531774a57ed3803833a54191d083da4fcead793c7ec71df46e6d2ca0373a230dfb96ee45a4269994ac81084f471080bf988d7c
SSDEEP: 3072:8WGxyvagPzFT97Pw0LAvIS8sea4mGA4LmFFF7j/2+CWap2CDEpocScgQ:OGagPzFT97P7Lns8mGA4Laf/2/dp2CQf
Malware Config
Signatures
CoreCCC Packer 1 IoCs
Detects CoreCCC packer used to load .NET malware.
Processes:
resource: static1/unpack001/swift message.exe
yara_rule: coreccc
Files
58f504cc1df08a7184980c8b795e0fb96994d9c396e6e5f957f627ab044b4c16.zip
swift message.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 255KB - Virtual size: 254KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ