Static task: static1
Behavioral task: behavioral1
Sample: 054527988476fbdfcca3d4eec4d530c5529e2360b3f84beab0578b1411cad952.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 054527988476fbdfcca3d4eec4d530c5529e2360b3f84beab0578b1411cad952.exe
Resource: win10v2004-20240412-en
General
Target: 054527988476fbdfcca3d4eec4d530c5529e2360b3f84beab0578b1411cad952.exe
Size: 359KB
MD5: 24899e0590707e01cd9fbdfab6dd922b
SHA1: ae88a813c9dd1d766134789052f1e8e1ecaeb4be
SHA256: 054527988476fbdfcca3d4eec4d530c5529e2360b3f84beab0578b1411cad952
SHA512: 1c514b5cccd7610260a52f8810c8bfe67c9c7d18d31a7fd1d85a1bb3ace5ff9e2212599653f323cf022a8c0d1f5a28bc8f32b59c87c4c9428fe7e852109c9f44
SSDEEP: 6144:XUYNazqRCG5W3N95g8xzxr2RFx7+/3qrjTepYSUtKAhJMmo+g1R5E/meXvgDSgi8:EdzmloBxzxr2Rv7+CrHD5tlJyDnK/mek
Malware Config
Signatures
Detects executables packed with ConfuserEx Mod (1 IoC)
resource: sample; yara_rule: INDICATOR_EXE_Packed_ConfuserEx
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 054527988476fbdfcca3d4eec4d530c5529e2360b3f84beab0578b1411cad952.exe
Files
054527988476fbdfcca3d4eec4d530c5529e2360b3f84beab0578b1411cad952.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
X IY6$ Size: 306KB - Virtual size: 306KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 46KB - Virtual size: 45KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ