Static task
static1
Behavioral task
behavioral1
Sample
Odeme -(Mayis).exe
Resource
win7-20240508-en
General
Target
a9ebf7e4670d9f014a98c83afc046b5a591edc21feeea989ec3895d4fd83390c.zip
Size
209KB
MD5
b63bcbf96badea5e34f393f72b3b4577
SHA1
e26044fbf92f9a33ed02174e6ce32e250e14d90e
SHA256
a9ebf7e4670d9f014a98c83afc046b5a591edc21feeea989ec3895d4fd83390c
SHA512
8252344c7e0cde0b61ad384bdab1bc8e06c7f87651cd1e9a7b883dbaf80cceb0052f1318abfd5bdd02d413a9172fdef6ebe3f9cf53efac8ddbdda6e717b9a5cd
SSDEEP
6144:D3UaolzBt09nG29wiGjTVxTTOkryVIoQRTq:Dk/vonqPn/TxrywRu
Malware Config
Signatures
Detects executables packed with ConfuserEx Mod (1 IoC)
yara_rule: INDICATOR_EXE_Packed_ConfuserEx
resource: static1/unpack001/Odeme -(Mayis).exe
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: unpack001/Odeme -(Mayis).exe
Files
a9ebf7e4670d9f014a98c83afc046b5a591edc21feeea989ec3895d4fd83390c.zip
Odeme -(Mayis).exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
oz{XYQ* Size: 187KB - Virtual size: 186KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 50KB - Virtual size: 49KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ