Static task
static1
Behavioral task
behavioral1
Sample
QUOTE_93.exe
Resource
win7-20220414-en
General
-
Target
b40a3c0aa371e80fb0cc86dfcb249a788f50260d490d950718f49c64e188a3b8
-
Size
1.2MB
-
MD5
464bd6ae6d1e1d7a6f88cdd7aa5025a2
-
SHA1
ebeb378de41055d1f21a662a521a82937a485332
-
SHA256
b40a3c0aa371e80fb0cc86dfcb249a788f50260d490d950718f49c64e188a3b8
-
SHA512
05020d770028713f22be47e32cbad15632e7e69f26d186ec599f2d136344743f7a9a6737616c6064b223554655aa8426871864a755d1f6f8e0f8510ef157dc2d
-
SSDEEP
6144:WfJH3sJutEUEnBbW7cKBJkPxOzonXmlXjQ1PwIintwS:WfSJuyUCGbkPxOzoXazYoI
Malware Config
Signatures
-
CoreCCC Packer 2 IoCs
Detects CoreCCC packer used to load .NET malware.
Processes:
resource yara_rule sample coreccc static1/unpack001/QUOTE_93.EXE coreccc
Files
-
b40a3c0aa371e80fb0cc86dfcb249a788f50260d490d950718f49c64e188a3b8.iso
-
QUOTE_93.EXE.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 266KB - Virtual size: 265KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 166KB - Virtual size: 165KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ