488dacac0fd2eecf309f6334f064a2cab2978cd458b1c98a9c40e5d7b3bc08ba.7z

RAR

HOSTILE

Mal-ecule

Size 465.8 KB download

First seen 36 days ago

Analyzed 19 days ago

Objectives

evasion/masquerade/file Document double-extension executable

evasion/masquerade PE stem disagrees with embedded PDB stem

anti-static/obfuscation/binary-metrics Binary has normal code entropy (>5.5)

anti-static/obfuscation/payload PE version resource text

command-and-control/infrastructure Binary has 4 or fewer sections

evasion/indicator-removal Regex component marker

evasion/masquerade/identity Two dotted-quad version strings

impact/wipe/disk Gutmann pattern 49 24 92

communications/http/server Modification of HTTP context items

file-extension-mismatch File extension claims SevenZ but content is Rar

binary/section Large high-entropy random executable section

build Manifest is MyApplication template name

binary .NET Metadata Root (BSJB)

binary/metrics Binary has 1000 or more strings

dotnet .NET assembly detected via BSJB CLR metadata signature

dylib::mscoree links mscoree (CorExeMain)

hardening NO_SEH (SafeSEH not used)

lang/compiler mscorlib reference

package Large binary with few DLL dependencies

binary/anomaly PE version info numeric fields present

20 of 41 traits shown

SHA-256	488dacac0fd2eecf309f6334f064a2cab2978cd458b1c98a9c40e5d7b3bc08ba
Filename	488dacac0fd2eecf309f6334f064a2cab2978cd458b1c98a9c40e5d7b3bc08ba.7z

Source	harvest

Not seeing what you expected? Let us know