02d6603728cccf68461d5e5edcdf8f9b2d0a572bc6f03be06eca5b9618b9cd39

Sharing

Copy URL Twitter E-mail

General

Target

02d6603728cccf68461d5e5edcdf8f9b2d0a572bc6f03be06eca5b9618b9cd39
Size

564KB
MD5

bf0ec181609995cca6cc1f4f210708e0
SHA1

315a58e9a76c7ec8b73a0a3e03c1e8d47e76e302
SHA256

02d6603728cccf68461d5e5edcdf8f9b2d0a572bc6f03be06eca5b9618b9cd39
SHA512

ef151b4a0bcadb080fd20a47a56ebc3fd21616690a1be94a3f0f2d463e536d9f62973fd73c272b3a547b657b9a5ba824bd730c9ebb4b8c070f5bcb58f715b410
SSDEEP

12288:dNdXXvvxNyiTak5xCaTbIU7hPCLQOE2OPtjTnnnnnE2D:dNlXvvqimTtWKMlN

Score

10^/10

Malware Config

Signatures

Detects executables packed with ConfuserEx Mod 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_ConfuserEx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
02d6603728cccf68461d5e5edcdf8f9b2d0a572bc6f03be06eca5b9618b9cd39

Files

02d6603728cccf68461d5e5edcdf8f9b2d0a572bc6f03be06eca5b9618b9cd39
.exe windows:5 windows x86 arch:x86

8d377bb699533bdff09b0767a380a79d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\fridayT.pdb

Imports

kernel32

LoadResource
SizeofResource
WriteFile
CloseHandle
FindResourceW
InitializeCriticalSectionAndSpinCount
GetTempPathW
GetTempFileNameW
CreateFileW
MultiByteToWideChar
GetModuleHandleW
FindResourceExW
LockResource
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
RaiseException
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
EncodePointer
DecodePointer
RtlUnwind
GetCommandLineW
GetStdHandle
GetModuleFileNameW
IsProcessorFeaturePresent
InterlockedDecrement
ExitProcess
GetModuleHandleExW
GetProcAddress
AreFileApisANSI
Sleep
IsDebuggerPresent
SetLastError
InterlockedIncrement
GetCurrentThread
GetCurrentThreadId
GetFileType
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateSemaphoreW
OutputDebugStringW
LoadLibraryExW
LoadLibraryW
SetConsoleCtrlHandler
WideCharToMultiByte
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FatalAppExitA
InterlockedExchange
FreeLibrary
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
FlushFileBuffers
WriteConsoleW

advapi32

RegOpenKeyExW

oleaut32

SysAllocStringLen

mscoree

CorBindToRuntimeEx

Sections

.text
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 378KB - Virtual size: 377KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d377bb699533bdff09b0767a380a79d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

oleaut32

mscoree

Sections

.text Size: 109KB - Virtual size: 108KB

.rdata Size: 47KB - Virtual size: 47KB

.data Size: 6KB - Virtual size: 14KB

.rsrc Size: 378KB - Virtual size: 377KB

.reloc Size: 17KB - Virtual size: 16KB

.text
Size: 109KB - Virtual size: 108KB

.rdata
Size: 47KB - Virtual size: 47KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 378KB - Virtual size: 377KB

.reloc
Size: 17KB - Virtual size: 16KB