23909b22079b8d7a53e9a3e7940cbc4626ba74f19382973e1b3dafbade7243ea[.]zip | Triage

Sharing

General

Target

23909b22079b8d7a53e9a3e7940cbc4626ba74f19382973e1b3dafbade7243ea.zip
Size

209KB
MD5

4a797e6558479267a68168a84353471d
SHA1

17ec991d7f0bcecf0005f8c4049617a7b72b469b
SHA256

23909b22079b8d7a53e9a3e7940cbc4626ba74f19382973e1b3dafbade7243ea
SHA512

fa3864fc78e8b63f85fe415dc2c33748486df34c31a94a7d31063bc9839ee9608f593302b3dc0030ab1ba97c51830fb7f74c281af310330f2e10ccd6f9fd29ee
SSDEEP

3072:FLY3zta+9GTSkEHV3EdRvHm4jIOLLSByuqaxFZjR55aYSvYPd9O50TXqGIy/kgfu:RszVkEHVMRfmNOSdqaVv5nd9OEIyMUu

Score

10^/10

Malware Config

Signatures

Detects executables packed with ConfuserEx Mod 1 IoCs

resource	yara_rule
static1/unpack001/Dekont-Mayis.exe	INDICATOR_EXE_Packed_ConfuserEx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Dekont-Mayis.exe

Files

23909b22079b8d7a53e9a3e7940cbc4626ba74f19382973e1b3dafbade7243ea.zip
.zip
Dekont-Mayis.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

"G`9D/
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ