97bd2c68e688dac7da137ba1fc89a044a12eedbcf955edf7f0d2c37d483afb22 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

97bd2c68e688dac7da137ba1fc89a044a12eedbcf955edf7f0d2c37d483afb22
Size

448KB
MD5

8f39b23590091979e0fb1af406f0f026
SHA1

7d6e1f6ef5971061d7601cb3e00a37c41186d4c8
SHA256

97bd2c68e688dac7da137ba1fc89a044a12eedbcf955edf7f0d2c37d483afb22
SHA512

3230baab1bd3d95de01e6a896beb951afab2626b590c4c33ee54e22f0bdaf883b7d231f852f4d6e5941137cb6648e18ebdb86bf8bd4e3eacaca8bea48122ecd8
SSDEEP

12288:qdPl1zX5DtMZHb2VJ17Ic+jWHelq8cv7gC3aV9Ftn9M1Ea6bBkFDyFOFfcX+nziP:qdt1zXzMZi7Q7

Score

10^/10

Malware Config

Signatures

Detects executables packed with ConfuserEx Mod 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_ConfuserEx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
97bd2c68e688dac7da137ba1fc89a044a12eedbcf955edf7f0d2c37d483afb22

Files

97bd2c68e688dac7da137ba1fc89a044a12eedbcf955edf7f0d2c37d483afb22
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

}vE+<jqe
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ