2e4c183b0dbe2f4c3b098187f5299c4f39a12b4f0f9b5999b54b1a1e5a89687c | Triage

Sharing

General

Target

2e4c183b0dbe2f4c3b098187f5299c4f39a12b4f0f9b5999b54b1a1e5a89687c
Size

802KB
MD5

b1d74d665c366dd75bf0bd47513d83dd
SHA1

8a11a22adebda4aa5168db76d6aaa4ec87268cc1
SHA256

2e4c183b0dbe2f4c3b098187f5299c4f39a12b4f0f9b5999b54b1a1e5a89687c
SHA512

4da00810b71a29e518d8c84acb79ca587cd97f66bb7edf93f852cb68442f665854ff3dc13ec1cf86f8935d7ad934ea903a410823444d030268b590984360a311
SSDEEP

6144:Edgz+zjjBskCh96kg1J9ssdXG3VvK/xks0LpTg3oI+bzPHXODsf4ZZYmt3FM/3LF:+O+KhTijm+Wr6

Score

10^/10

Malware Config

Signatures

Detects executables packed with Dotfuscator 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_Dotfuscator

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e4c183b0dbe2f4c3b098187f5299c4f39a12b4f0f9b5999b54b1a1e5a89687c

Files

2e4c183b0dbe2f4c3b098187f5299c4f39a12b4f0f9b5999b54b1a1e5a89687c
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 768KB - Virtual size: 767KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ