867c0faa68e9fdb109d2c68331e94b352364516cc6024ca3f30b6ce60a9302ca | Triage

Sharing

Copy URL Twitter E-mail

General

Target

867c0faa68e9fdb109d2c68331e94b352364516cc6024ca3f30b6ce60a9302ca
Size

238KB
MD5

34699ed272d8dd62e8aa8166df45d311
SHA1

50e70ba3b8c470c02f31b680000afcc385972235
SHA256

867c0faa68e9fdb109d2c68331e94b352364516cc6024ca3f30b6ce60a9302ca
SHA512

7186c092c5345b1b599dedff6b4931ed20147a0ad0f737e76391678cbc7ba73d97076cd1f80b26a98419c0b7a09737243ef9a978fb3e83f6d24e21190ac8d578
SSDEEP

6144:EVH+m5mfg4HHdIoBvHEVt72jEO2juWAPqNcXUY9+ZZlsn8VLg21S+JRAQI:E35mflpfEV12gUCCXUY9Jn8VLg21S+JQ

Score

10^/10

Malware Config

Signatures

Detects executables packed with ConfuserEx Mod 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_ConfuserEx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
867c0faa68e9fdb109d2c68331e94b352364516cc6024ca3f30b6ce60a9302ca

Files

867c0faa68e9fdb109d2c68331e94b352364516cc6024ca3f30b6ce60a9302ca
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

XU:h.
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ