whar[.]zip | Triage

General

Target

whar.zip
Size

5.6MB
MD5

99890717cadb5bfbef83f7dfbbf53375
SHA1

9a95bb7bd53c86436d39c382054f861005776795
SHA256

1399d5b620c625e02dc9873240b3cc9cdafc451673a82275f0da8b9c6a5ae486
SHA512

ad81ee801ef4438c9abbf12511db409853d35324a4d8cb9f9bf9ab6a2f0f2419e6dcd79dbc03ae4d017726a85166c11bfebfc662ecdef5ba90cac63cb184c6b1
SSDEEP

98304:6qdu7YNUAfFUxUKfQ2inHjsP4L6EARljlADEyXwSN4K3YIWM6ysATaiXh501jeAV:NFfFRuiDAEeVlME/SNMNXiXLyaLS3t

Score

10^/10

Contains code to disable Windows Defender 1 IoCs

A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

resource	yara_rule
static1/unpack001/Discord.AIO.exe	disable_win_def

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Discord.AIO.exe