6d05d5e5310b31e26aaf54e7297f0f199056c92545c3b2602367dcdb67c761d0[.]zip | Triage

Sharing

General

Target

6d05d5e5310b31e26aaf54e7297f0f199056c92545c3b2602367dcdb67c761d0.zip
Size

209KB
MD5

911cbc95cc2e6f3dde112dd932a85768
SHA1

0e1c1bb30e49a90ab1935bb22656f30d79a19eb9
SHA256

6d05d5e5310b31e26aaf54e7297f0f199056c92545c3b2602367dcdb67c761d0
SHA512

1a00cb41e3bf65b075fa707b6ff14e93e0a968da175683536c12aac634390049560696e0678fb6ba59840057f54fdc7d8f76afc4d8c8c4ec90c9d61ab38cf7c7
SSDEEP

6144:xG2x2neJf5QvtMpiSgIwS86GvvsMP1i8W/aCMpI9:x6eJf5mMppgIwS+vxPWJ

Score

10^/10

Malware Config

Signatures

Detects executables packed with ConfuserEx Mod 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/Dekont-Mayis.exe	INDICATOR_EXE_Packed_ConfuserEx

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack001/Dekont-Mayis.exe

Files

6d05d5e5310b31e26aaf54e7297f0f199056c92545c3b2602367dcdb67c761d0.zip
.zip
Dekont-Mayis.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

N{MhIeA
Size: 187KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ