u_85DA3D7A4A5EA1D0A976EE597B5AC9F9[.]fil | Triage

Sharing

General

Target

u_85DA3D7A4A5EA1D0A976EE597B5AC9F9.fil
Size

86.2MB
MD5

0fb76a4c3b8420130bcfcefcca30c89a
SHA1

3e2b6e7a40c8426054ceb26ce0b061d02cfc053b
SHA256

391781319f007d319e35b73b82b33fe68ed1084638d91b11bc8bc304a7927af3
SHA512

1150d938dd895457eb6a57d36f69b665920347099bc7e36bb4a08c1ee93b3c8873bb5f8b00cf6bcb7bd25f677d33a65801d9288c1ce91c2f310200f4bcdabe24
SSDEEP

1572864:uU7NowjKZXDeOAYi0DLeJraBW9SCOURymjeLJXCEuwwCiBImzkLU/I6sUyXn976r:TNobHi0Di2

Score

10^/10

coreentity

Malware Config

Signatures

CoreEntity .NET Packer 1 IoCs
A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
coreentity

Processes:

resource yara_rule

sample coreentity

Files

u_85DA3D7A4A5EA1D0A976EE597B5AC9F9.fil
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 50.0MB - Virtual size: 50.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 543KB - Virtual size: 543KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 1.1MB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 176B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 31.3MB - Virtual size: 31.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ