cdb8c484020d4d10d9d84a6a21b7d5dc159d23cf390d6844bf72057f0a47f13e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cdb8c484020d4d10d9d84a6a21b7d5dc159d23cf390d6844bf72057f0a47f13e
Size

789KB
MD5

7491a9f6cbf549cb90b9063a6a328dfc
SHA1

6259044bad9f4f0e86f345755f63966ce872c48f
SHA256

cdb8c484020d4d10d9d84a6a21b7d5dc159d23cf390d6844bf72057f0a47f13e
SHA512

b7973ff8e6a6cc1c9e465130196626dab77dcda71188d5f3c9fd30f634409477de2ab8d07c485e30c16b9c88edae128d3e1cbd1931bd21aa493ad9edd83b8652
SSDEEP

12288:2WiOnjtk2iGooKY/5900ENc3uM8rvAfokdTrQpIBjzuCOhCfVFF64d+dhuc:Bir

Score

10^/10

Malware Config

Signatures

Detects executables packed with ConfuserEx Mod 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_ConfuserEx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cdb8c484020d4d10d9d84a6a21b7d5dc159d23cf390d6844bf72057f0a47f13e

Files

cdb8c484020d4d10d9d84a6a21b7d5dc159d23cf390d6844bf72057f0a47f13e
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

MoonLifterApp.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 712KB - Virtual size: 711KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ