f0aa1afd37945fe423112eb42f3456d17318483efd9b797d9afcd864fa6d671d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f0aa1afd37945fe423112eb42f3456d17318483efd9b797d9afcd864fa6d671d
Size

192KB
MD5

b4ed030d8d7b1ca9ed607003a1861ab3
SHA1

4ee84698d47d8935a600f44912ca3a4503b7ec93
SHA256

f0aa1afd37945fe423112eb42f3456d17318483efd9b797d9afcd864fa6d671d
SHA512

6bcc7961bc4f56c0cce29f7d92702e7ab6e133166fff2db31e7f6cda4cd329625d73cba4c1c3ec8a8c0acefa5dbae040be77f8d0e3df6768628255a234b919a5
SSDEEP

1536:5B1AY1c9Gqn6T87KJCq0Df+gWJgBnr6qPTgj66dDEXHyU0:n+94A7Kx9

Score

10^/10

Malware Config

Signatures

Detects executables packed with ConfuserEx Mod 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_ConfuserEx

Detects files referencing the transfer.sh file sharing website 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_TransferSh_URL

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f0aa1afd37945fe423112eb42f3456d17318483efd9b797d9afcd864fa6d671d

Files

f0aa1afd37945fe423112eb42f3456d17318483efd9b797d9afcd864fa6d671d
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

BHh876.pdb

Imports

mscoree

_CorExeMain

Sections

+ ,G&
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ