2024-05-08_0b6daf49bad46241961f0ba69daf47ab_hiddentear | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-08_0b6daf49bad46241961f0ba69daf47ab_hiddentear
Size

317KB
MD5

0b6daf49bad46241961f0ba69daf47ab
SHA1

bbeabbbf784efaeae269dc8af2d66276dfb021eb
SHA256

b69ecaa7dbdb622e13a7c29abbaf191fa83a2a8e6c8b00008297123afefbc28e
SHA512

dfcba0969dcecd61085ac23041c960cb54959fa192b6c4ce2bb84285c2e7b757f6f024c2b92ec673a327864f701352fe1c97f26afb9572284ed208c1d7defb80
SSDEEP

6144:H5t1aLB8/jGkFnUjXoLJpyBdZOHpeIBwhyvIFY+IU+lDAA:w98/jNC8FpdJe1hyvIFY+ITdAA

Score

10^/10

Malware Config

Signatures

Detects executables packed with ConfuserEx Mod 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_ConfuserEx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-08_0b6daf49bad46241961f0ba69daf47ab_hiddentear

Files

2024-05-08_0b6daf49bad46241961f0ba69daf47ab_hiddentear
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

G!TG.
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ