53398258a220177c38d7c2772465b04abf1d5f76f5498bac47fcb4bb8a8497ce | Triage

Sharing

General

Target

53398258a220177c38d7c2772465b04abf1d5f76f5498bac47fcb4bb8a8497ce
Size

1.0MB
MD5

84fc9b2e219a1e95f95f1406c76decd3
SHA1

b71510a02066fb0cf632073ff2018b79133c6f26
SHA256

53398258a220177c38d7c2772465b04abf1d5f76f5498bac47fcb4bb8a8497ce
SHA512

29966dc48b4bbe169756d39f432e79502d3253a07aa4909a8ccaf115851d40abdd1cac8a0d7c49ccf9f608f7bf115dbfd105af3b9a32a4a284dbcbeab0744c20
SSDEEP

24576:NP8Q+sV7DWX9PKipLW1BP8Q+sV7DWX9PKipLW1q:aDslDWdKipL4uDslDWdKipL4q

Score

9^/10

Malware Config

Signatures

CoreCCC Packer 2 IoCs

Detects CoreCCC packer used to load .NET malware.

Processes:

resource	yara_rule
static1/unpack001/Our company presentation~pdf.exe	coreccc
static1/unpack001/Purchase Order~pdf.exe	coreccc

Files

53398258a220177c38d7c2772465b04abf1d5f76f5498bac47fcb4bb8a8497ce
.rar
Our company presentation~pdf.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 508KB - Virtual size: 508KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Purchase Order~pdf.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 508KB - Virtual size: 508KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ