Behavioral task
behavioral1
Sample
Avalonia.Base.dll
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
Avalonia.Base.dll
Resource
win10v2004-20230703-en
General
Target: Avalonia.Base.dll
Size: 1.8MB
MD5: 43e592fb29c314df1e924e8e96ae374a
SHA1: 0e3cfcfbbae1c8055db31dd9a4c76acc5e706954
SHA256: 3210c028acfbbedf0e432633b9830e4949698b98e32fe2df7873010c5a102114
SHA512: b40f6fa9acb66fda23a7f3cfae07eda420286bf46b52a272e845c9b40db2716b7123c354e77916b2c645a9ead839b4f20156a66087cf3358d32c8f52a7c049b0
SSDEEP: 24576:Jz0okaWwhIfMlzFlM17nvWfwWEPVrCkV3hlx+2THbQtbYgU9c1aI+r2A4/5Myz:BkaWwFlzF6yCV22D+2TXya2A4
Malware Config
Signatures
CoreEntity .NET Packer 1 IoCs
CoreEntity is a .NET packer that embeds the payload as a BitMap object, which is later decrypted.
Processes:
resource: sample, yara_rule: coreentity
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource Avalonia.Base.dll
Files
Avalonia.Base.dll.dll windows x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorDllMain
Sections
.text Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1016B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ