f07972ae72f0f34d6b06dd4dfd59def1a55c58f9a8fe9bb055a1c9f7342c75a4 | Triage

Sharing

General

Target

f07972ae72f0f34d6b06dd4dfd59def1a55c58f9a8fe9bb055a1c9f7342c75a4
Size

1.8MB
MD5

1fede9d10707ca833011f7b0d91ed354
SHA1

a2f7dae42a9820eb04586cfc00fa3b04da8510b3
SHA256

f07972ae72f0f34d6b06dd4dfd59def1a55c58f9a8fe9bb055a1c9f7342c75a4
SHA512

d67a09a2a4dfc9908bec41ffee6b4b5d093ad83bd6717c2ec4aece58774be4d7d490f6aa257e0a97c7de851498a0f7372bb5ce8f4a8b148fe413405827ae206b
SSDEEP

49152:SFgOZmptfWVIzt14YQFgOZmptfWVIztDoop:SFBZm7Hz4YQFBZm7Hzio

Score

10^/10

Malware Config

Signatures

Detects executables packed with Enigma 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_Enigma

Detects packed executables observed in Molerats 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_Loader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f07972ae72f0f34d6b06dd4dfd59def1a55c58f9a8fe9bb055a1c9f7342c75a4

Files

f07972ae72f0f34d6b06dd4dfd59def1a55c58f9a8fe9bb055a1c9f7342c75a4
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 516KB - Virtual size: 516KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.enigma1
Size: 1.0MB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.enigma2
Size: 304KB - Virtual size: 304KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE