NewID Executor Normal[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NewID Executor Normal.exe
Size

8.2MB
MD5

d1a7fe63c1646971f90c14e990c4ac77
SHA1

4574abb447de2b306b4af7642ef1807227410c1e
SHA256

1728d4be564bad5a1a05ea03445667fd083743ec68f3ba57b407a2d829f5cbd2
SHA512

092f52e3db45533da90c8180b8d746070d05988ed5b18b7ef875c3a947f936bc4c2e36e9c3b76c6ce69e78deeef064f01d85b854c2cb9603ffb1c3a9b7cca11f
SSDEEP

196608:xAt/mCyt8yLre39yk1CPwDvt3uFGCC23dEVB3i9e:A/mCyt8yLre34k1CPwDvt3uFRC23dEVf

Score

3^/10

Malware Config

Signatures

Embeds OpenSSL 1 IoCs

Embeds OpenSSL, may be used to circumvent TLS interception.

resource	yara_rule
sample	embeds_openssl

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NewID Executor Normal.exe

Files

NewID Executor Normal.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\SerGreen\Source\Repos\Appacker\UnpackerWindowless\obj\Release\UnpackerWindowless.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ