mc[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

mc.dll
Size

909KB
MD5

f25ea611a7152da0185c95867e209593
SHA1

2e19cc102f863a59b5fbfd27d591181c6e8d5bce
SHA256

b86a5c70f666fdf4175bd6dada20cb3b0951d6a3bb879288bdae57f555ffd534
SHA512

232f5beacfb25e717b5aaca3c7d65d0e8a99ad78ec019c45c268f138fd12552e70bacefdd9bdf4c5ba8df52a4b0ec8e27528110b882c7c0fbaaebf422651ad54
SSDEEP

12288:Ih9sjzuC0hipR8mXWO3FhszhhI3ugtz4A45yklPVMojehS8WFs/BZ1U8w7/zt8yB:I+KInghI3btz4z0qhCXJpZ+/zt8yaxQ

Score

10^/10

coreentity

Malware Config

Signatures

CoreEntity .NET Packer 1 IoCs

A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.

coreentity

resource	yara_rule
sample	coreentity

Files

mc.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

16-04-2020 18:36

Not After

16-04-2045 18:44

Subject

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:1a:c9:80:d2:41:37:45:9e:89:05:00:00:00:00:1a:c9
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 02,O=Microsoft Corporation,C=US

Not Before

10-07-2022 14:38

Not After

09-08-2022 14:38

Subject

CN=Reason Cybersecurity Inc.,O=Reason Cybersecurity Inc.,L=New York,ST=NY,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:1a:c9:80:d2:41:37:45:9e:89:05:00:00:00:00:1a:c9
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 02,O=Microsoft Corporation,C=US

Not Before

10-07-2022 14:38

Not After

09-08-2022 14:38

Subject

CN=Reason Cybersecurity Inc.,O=Reason Cybersecurity Inc.,L=New York,ST=NY,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:04:96:50:4b:d2:db:ee:cb:88:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Not Before

13-04-2021 17:31

Not After

13-04-2026 17:31

Subject

CN=Microsoft ID Verified CS AOC CA 02,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

01-04-2021 20:05

Not After

01-04-2036 20:15

Subject

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

84:95:44:64:b0:50:1c:4f:4e:cd:af:54:98:a4:44:c8:52:eb:19:58:c9:99:e1:60:e8:0a:06:06:63:bd:9f:59
Signer

Actual PE Digest

84:95:44:64:b0:50:1c:4f:4e:cd:af:54:98:a4:44:c8:52:eb:19:58:c9:99:e1:60:e8:0a:06:06:63:bd:9f:59

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Reason Cybersecurity Inc.,O=Reason Cybersecurity Inc.,L=New York,ST=NY,C=US

23-09-2022 10:36
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 891KB - Virtual size: 891KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Code Sign

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99Certificate

Key Usages

33:00:00:1a:c9:80:d2:41:37:45:9e:89:05:00:00:00:00:1a:c9Certificate

Extended Key Usages

Key Usages

33:00:00:1a:c9:80:d2:41:37:45:9e:89:05:00:00:00:00:1a:c9Certificate

Extended Key Usages

Key Usages

33:00:00:00:04:96:50:4b:d2:db:ee:cb:88:00:00:00:00:00:04Certificate

Key Usages

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07Certificate

Key Usages

84:95:44:64:b0:50:1c:4f:4e:cd:af:54:98:a4:44:c8:52:eb:19:58:c9:99:e1:60:e8:0a:06:06:63:bd:9f:59Signer

Signature Validations

Verification

23-09-2022 10:36 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 891KB - Virtual size: 891KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99
Certificate

33:00:00:1a:c9:80:d2:41:37:45:9e:89:05:00:00:00:00:1a:c9
Certificate

33:00:00:1a:c9:80:d2:41:37:45:9e:89:05:00:00:00:00:1a:c9
Certificate

33:00:00:00:04:96:50:4b:d2:db:ee:cb:88:00:00:00:00:00:04
Certificate

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07
Certificate

84:95:44:64:b0:50:1c:4f:4e:cd:af:54:98:a4:44:c8:52:eb:19:58:c9:99:e1:60:e8:0a:06:06:63:bd:9f:59
Signer

23-09-2022 10:36
Valid: false

.text
Size: 891KB - Virtual size: 891KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B