a9ebf7e4670d9f014a98c83afc046b5a591edc21feeea989ec3895d4fd83390c[.]zip | Triage

Sharing

General

Target

a9ebf7e4670d9f014a98c83afc046b5a591edc21feeea989ec3895d4fd83390c.zip
Size

209KB
MD5

b63bcbf96badea5e34f393f72b3b4577
SHA1

e26044fbf92f9a33ed02174e6ce32e250e14d90e
SHA256

a9ebf7e4670d9f014a98c83afc046b5a591edc21feeea989ec3895d4fd83390c
SHA512

8252344c7e0cde0b61ad384bdab1bc8e06c7f87651cd1e9a7b883dbaf80cceb0052f1318abfd5bdd02d413a9172fdef6ebe3f9cf53efac8ddbdda6e717b9a5cd
SSDEEP

6144:D3UaolzBt09nG29wiGjTVxTTOkryVIoQRTq:Dk/vonqPn/TxrywRu

Score

10^/10

Malware Config

Signatures

Detects executables packed with ConfuserEx Mod 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/Odeme -(Mayis).exe	INDICATOR_EXE_Packed_ConfuserEx

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack001/Odeme -(Mayis).exe

Files

a9ebf7e4670d9f014a98c83afc046b5a591edc21feeea989ec3895d4fd83390c.zip
.zip
Odeme -(Mayis).exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

oz{XYQ*
Size: 187KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ