cb2737559a2c6439c95e111508f2cb167c03ead108c661da6fffcf33be57523b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cb2737559a2c6439c95e111508f2cb167c03ead108c661da6fffcf33be57523b
Size

53KB
MD5

d54059440673913375a6df743ed1a3b2
SHA1

cc82974927e2ca810b38b58372d6b24e1887bc6b
SHA256

cb2737559a2c6439c95e111508f2cb167c03ead108c661da6fffcf33be57523b
SHA512

0a0f21984f4c6135cec8b546181aedbed8e1526a69c154d955a8d4726b27be6b74b0bc3d309fa57a7a306aff427f49b6b8eef79cb62bea090bdb57add5f076b6
SSDEEP

1536:aLt/RscEFzCbi9rbLf6v3pzVZIaUw8BzTYdz:ct/RdE1upzVZILwZz

Score

10^/10

Malware Config

Signatures

Detects executables packed with ConfuserEx Mod 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_ConfuserEx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cb2737559a2c6439c95e111508f2cb167c03ead108c661da6fffcf33be57523b

Files

cb2737559a2c6439c95e111508f2cb167c03ead108c661da6fffcf33be57523b
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Hologic.Licensing.Gemini.pdb

Imports

mscoree

_CorDllMain

Sections

iI\Vbapv
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ