35ef1fb7aa5fa4fc9793b4eac9a1999c06e872a48c29e4749d30f65c9605c372 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

35ef1fb7aa5fa4fc9793b4eac9a1999c06e872a48c29e4749d30f65c9605c372
Size

2.0MB
MD5

29e1b54d017b350b0c22ccef1daa48fb
SHA1

8af251017054a1948cb87fe9d346eb013b199eaf
SHA256

35ef1fb7aa5fa4fc9793b4eac9a1999c06e872a48c29e4749d30f65c9605c372
SHA512

63f178b8a5c5a252190211cf145d2d53cf629ba44b610d51b6ee16b13aa855708553ac6c657764f1b4d376f0246f80912a462d8f74ae8a98152d5e4387bd9dd0
SSDEEP

24576:B2MSA77bgDoqlVXyA/b8Mf1dSDXnawvqQaJEYJLdalMPQN0/5WlYKa++/bLlQh:3J8ME9RtdSraNmYDnR/5jne

Score

10^/10

Malware Config

Signatures

Detects executables packed with ConfuserEx Custom; outside of GIT 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_ConfuserEx_Custom

Detects executables packed with ConfuserEx Mod 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_ConfuserEx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
35ef1fb7aa5fa4fc9793b4eac9a1999c06e872a48c29e4749d30f65c9605c372

Files

35ef1fb7aa5fa4fc9793b4eac9a1999c06e872a48c29e4749d30f65c9605c372
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

Ho47
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 588KB - Virtual size: 587KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ