Contains code to disable Windows Defender

A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

CoreEntity .NET Packer

A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.

Modifies Windows Defender Real-time Protection settings

CoreCCC Packer

Detects CoreCCC packer used to load .NET malware.

ReZer0 packer

Detects ReZer0, a packer with multiple versions used in various campaigns.

Executes dropped EXE