aad9903b9803b9a3e2d6c7677d8eb80f537a3543e26725c48dde5e4c53d518b7[.]exe | Triage

Sharing

General

Target

aad9903b9803b9a3e2d6c7677d8eb80f537a3543e26725c48dde5e4c53d518b7.exe
Size

1.0MB
MD5

e51e1e4a21fef3fd98784683d80b5a02
SHA1

309790387ec94c189ef94803a87fab335159657a
SHA256

aad9903b9803b9a3e2d6c7677d8eb80f537a3543e26725c48dde5e4c53d518b7
SHA512

329922a8229f6e07f549e8919b4f6e1d60bf7d153b30487c8dde0116d8b31745f88d3f7bf20616d2a88276e8d2c24859e73440a03d4d2ecc08cd207678d84265
SSDEEP

24576:A1QNv9uN9fFNd6AtvbGN/BCfKEPmxKVnRNWg:A1WluN9fZvbGyKFxg

Score

10^/10

Malware Config

Signatures

Detects executables packed with ConfuserEx Mod 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_ConfuserEx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aad9903b9803b9a3e2d6c7677d8eb80f537a3543e26725c48dde5e4c53d518b7.exe

Files

aad9903b9803b9a3e2d6c7677d8eb80f537a3543e26725c48dde5e4c53d518b7.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

bS6D
Size: 909KB - Virtual size: 908KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ