3c66b4f297b42e105651cf9070eb7eb9abbe776645ea98c2a52b2b66a706cf3b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3c66b4f297b42e105651cf9070eb7eb9abbe776645ea98c2a52b2b66a706cf3b
Size

440KB
MD5

761e9ccba3c2f2296061b69c9df85872
SHA1

33af3380701af15fc9baf5c00b81c5a608bc5bc0
SHA256

3c66b4f297b42e105651cf9070eb7eb9abbe776645ea98c2a52b2b66a706cf3b
SHA512

9b866d94c9de569a0521003c0716b73d18adf4d0651c0b44e26d1316994456e7f52ceb866680692a485eeae60463611fc7eb0d18d596f63fc902d904298c5798
SSDEEP

12288:gUboGluYKB2UbAmhklYfnMxDR1sxiyo41bJqtwYerfYtzP8KXE6oQqXT0fdsrHnB:gJGluYKfbAm

Score

10^/10

Malware Config

Signatures

Detects executables packed with ConfuserEx Mod 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_ConfuserEx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c66b4f297b42e105651cf9070eb7eb9abbe776645ea98c2a52b2b66a706cf3b

Files

3c66b4f297b42e105651cf9070eb7eb9abbe776645ea98c2a52b2b66a706cf3b
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

D6,+o*
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 259KB - Virtual size: 259KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ