Behavioral task
behavioral1
Sample
HEUR-Trojan-Ransom.MSIL.Crypmodadv.gen-2b5c0eed6f0e364b39dba4263611b01e7c2399232fbf23a66ad17760d616314c.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
HEUR-Trojan-Ransom.MSIL.Crypmodadv.gen-2b5c0eed6f0e364b39dba4263611b01e7c2399232fbf23a66ad17760d616314c.exe
Resource
win10v2004-20220812-en
General
Target
HEUR-Trojan-Ransom.MSIL.Crypmodadv.gen-2b5c0eed6f0e364b39dba4263611b01e7c2399232fbf23a66ad17760d616314c.exe
Size
284KB
MD5
668983cf8223a398f4b8a1a4d7cddb7a
SHA1
8fa5d4312dd5f1964a3bd34d2c09842ec02f135c
SHA256
2b5c0eed6f0e364b39dba4263611b01e7c2399232fbf23a66ad17760d616314c
SHA512
5e0e868a6640d1bf836142f14c3d29d658996e38e3e380c670132c0c85cbf8f9c6dfa0d58d9a04b2606ab1d0cf8d2c26449f869003c03207591d09e0061d9646
SSDEEP
6144:ISoIcVpYGcAeYIiSOOrYJoLiWMWvGKab2btuMcjV:ILIaBoU4iFWvztuMcjV
Malware Config
Signatures
Obfuscated with Agile.Net obfuscator (1 IoC)
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource: sample
yara_rule: agile_net
Files
HEUR-Trojan-Ransom.MSIL.Crypmodadv.gen-2b5c0eed6f0e364b39dba4263611b01e7c2399232fbf23a66ad17760d616314c.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 282KB - Virtual size: 281KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ