dfea9fa54974479b6fe5df79b11c5c7307bec32d81c38495778d4534408c7c38[.]exe | Triage

Sharing

General

Target

dfea9fa54974479b6fe5df79b11c5c7307bec32d81c38495778d4534408c7c38.exe
Size

243KB
MD5

4aad0d0ea510075b228330ca1f55d242
SHA1

c43b2fa5fc86a597d7f9d2139dce34d017028388
SHA256

dfea9fa54974479b6fe5df79b11c5c7307bec32d81c38495778d4534408c7c38
SHA512

532e5b415efd115d490c4ba60c6753bd7904a00eb5767554ec1744b2ee453a7bc81dd407215764b0361b738b50b2b2605f2ff5924dc8cbda3bafd03ffa38fc4c
SSDEEP

6144:1OYJ+Mul9FCrE+9Gheadlky0fXiJ+VCDsaBEx3EyVW6c7XFI:1NcMmbCrE+Tqky0cmr3EyVW6c7O

Score

10^/10

Malware Config

Signatures

Detects executables packed with ConfuserEx Mod 1 IoCs

Processes:

resource	yara_rule
sample	INDICATOR_EXE_Packed_ConfuserEx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
dfea9fa54974479b6fe5df79b11c5c7307bec32d81c38495778d4534408c7c38.exe

Files

dfea9fa54974479b6fe5df79b11c5c7307bec32d81c38495778d4534408c7c38.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

@$zz?ew
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ