64e4dedb36812766c522c79cae57b7f3b2694efaa396151d4117a70282166117 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

64e4dedb36812766c522c79cae57b7f3b2694efaa396151d4117a70282166117
Size

87KB
MD5

5fc6a541845fdafb597ddfb98fa28b54
SHA1

22e5dd50ddd71bc39c812db0f9b164ca10c556dd
SHA256

64e4dedb36812766c522c79cae57b7f3b2694efaa396151d4117a70282166117
SHA512

f174e4ccc89d4a7473001a9153a9c3d63bedd393dda1ea3be171768b7587846722ad07445adeafa52ef54802a8ac84eb33ab1799248dcbf7db60aa4f311da5e3
SSDEEP

1536:ohUCASeb09Blk3A6UixmfnDY7Y+SlWrrBOJ0AupJzKo0bxxpxbYmEGQ:YUCArb0aA6Uemr8SgrVCXupJzKo0bxxg

Score

10^/10

Malware Config

Signatures

Detects executables packed with ConfuserEx Mod 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_ConfuserEx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
64e4dedb36812766c522c79cae57b7f3b2694efaa396151d4117a70282166117

Files

64e4dedb36812766c522c79cae57b7f3b2694efaa396151d4117a70282166117
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

WinDefend.pdb

Imports

mscoree

_CorExeMain

Sections

%q2hF6
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ