Resubmissions
26/03/2023, 22:47
230326-2qlrssad27 9
Static task
static1
General
Target: Acordx.exe
Size: 787KB
MD5: b9ae3e24cae94402a9064f98bdc6b2c9
SHA1: 1ba4581263313c691b16ab1fb865df6531b6efba
SHA256: c63261033e45ccf81d7b308e39fb79febba720cee9d054b00843de38fd4e3396
SHA512: 08bed412723ef6495623c1c7f259ce38bd328c4a85ca24aa870a07679c0c0fedb44993a7db6dbd82a496d140354c8c285791c5ed36e5478353f8eec4e627f1fe
SSDEEP: 12288:ohLQzVgN9kzmdqz1+PVGZkqtF7Kg1Z6JIhZmHYrY2p:oBECNKzmQZl7Kmjx
Malware Config
Signatures
Beds Protector Packer (1 IoCs)
Detects Beds Protector packer used to load .NET malware.
resource: sample; yara_rule: beds_protector
Files
Acordx.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
7J.;: Size: 138KB - Virtual size: 137KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 645KB - Virtual size: 645KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ