Static task
static1
Behavioral task
behavioral1
Sample
reciept,pdf.exe
Resource
win7-20220414-en
General
-
Target
0f16edd83d20fd6f3919eb95be613a515548de4d5b1785d056b119ef26598c33
-
Size
494KB
-
MD5
df68fbfc6a2211bcf0bebd9b9a673866
-
SHA1
b796e9972d14077aa0c0ce7d398a321fae254757
-
SHA256
0f16edd83d20fd6f3919eb95be613a515548de4d5b1785d056b119ef26598c33
-
SHA512
40d2d9f165fafffe24751fdda0ae04b5a55cc62edadc999f99470ea0a0ac71595e0b2a274ecdcd80acd4dfc34889cd3270a7ae03c02e9633f6c18089ab062fe2
-
SSDEEP
12288:iZd0O4vuzUp+gwGYk+9RF6YB82vddRoOn:izb4vkUQg7T+vF6i82TiO
Malware Config
Signatures
-
CoreCCC Packer 2 IoCs
Detects CoreCCC packer used to load .NET malware.
Processes:
resource yara_rule sample coreccc static1/unpack001/reciept,pdf.exe coreccc
Files
-
0f16edd83d20fd6f3919eb95be613a515548de4d5b1785d056b119ef26598c33.iso
-
reciept,pdf.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 430KB - Virtual size: 430KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ