8f6992e1efb5365d26772bac22a8dab9bc2a313c4c35bac1509bdac2d9e75301 | Triage

Sharing

General

Target

8f6992e1efb5365d26772bac22a8dab9bc2a313c4c35bac1509bdac2d9e75301
Size

399KB
MD5

b3877bf288c7e56af9c53151509692d8
SHA1

1532cea2812176f5c8799fc1ed043e3863e5be0a
SHA256

8f6992e1efb5365d26772bac22a8dab9bc2a313c4c35bac1509bdac2d9e75301
SHA512

606b61df9de028ca3d508637c7b03fa874a1cc05c9fd4ddb88bd3c143119fa20bb58739631820324573b2b330f1e763c523bc065236b1998eadaba8a39bc8e24
SSDEEP

12288:tU5Vx3E7WY+q0ySUOJGqqByabk3RvzPtTC0ZTQFz6uZHMATU9zjhnP+8C1Bp+L/q:4fgWY+6SU8GqqBya

Score

10^/10

Malware Config

Signatures

Detects executables packed with ConfuserEx Mod 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_ConfuserEx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8f6992e1efb5365d26772bac22a8dab9bc2a313c4c35bac1509bdac2d9e75301

Files

8f6992e1efb5365d26772bac22a8dab9bc2a313c4c35bac1509bdac2d9e75301
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

\W;"Ci
Size: 187KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 209KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ