file | Triage

Sharing

Copy URL Twitter E-mail

General

Target

file
Size

4.7MB
MD5

4a7c01c347ed9416940ed8597da69e27
SHA1

57d9f5334ed9d1036a71a5670158fe4b9d9cfd79
SHA256

20ed01a8e1ec898ec25499b5ac18d8522226e08c1ff8baffc327e63a6e46c919
SHA512

1a0da8e395404523e4f295b00be630fcbbb58106e8e94f87752dff62d50c921a97b6a05a9be11348e7bcae228b109c100cfc740a5820158c61c663769ca4ff0f
SSDEEP

49152:rZUJgcrkXw03C/V+H+5mf2B3+nkTQK4AUF5L/vEjF:VsgcwXr3CIe5IYTQK4RnLHEZ

Score

7^/10

agilenet

Malware Config

Signatures

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

resource	yara_rule
sample	agile_net

Files

file
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:03:df:fb:6a:e3:f4:27:ec:b6:a3:00:00:00:00:03:df
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 21:24

Not After

02/12/2021, 21:24

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

93:55:6a:13:73:07:bc:f4:7d:fc:7f:3d:1a:11:5e:08:46:4b:b3:b0:d5:8a:db:41:60:eb:da:d0:bb:e1:74:6b
Signer

Actual PE Digest

93:55:6a:13:73:07:bc:f4:7d:fc:7f:3d:1a:11:5e:08:46:4b:b3:b0:d5:8a:db:41:60:eb:da:d0:bb:e1:74:6b

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

06/10/2022, 18:37
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:03:df:fb:6a:e3:f4:27:ec:b6:a3:00:00:00:00:03:dfCertificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

93:55:6a:13:73:07:bc:f4:7d:fc:7f:3d:1a:11:5e:08:46:4b:b3:b0:d5:8a:db:41:60:eb:da:d0:bb:e1:74:6bSigner

Signature Validations

Verification

06/10/2022, 18:37 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 4.7MB - Virtual size: 4.7MB

.rsrc Size: 27KB - Virtual size: 26KB

.reloc Size: 512B - Virtual size: 12B

33:00:00:03:df:fb:6a:e3:f4:27:ec:b6:a3:00:00:00:00:03:df
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

93:55:6a:13:73:07:bc:f4:7d:fc:7f:3d:1a:11:5e:08:46:4b:b3:b0:d5:8a:db:41:60:eb:da:d0:bb:e1:74:6b
Signer

06/10/2022, 18:37
Valid: false

.text
Size: 4.7MB - Virtual size: 4.7MB

.rsrc
Size: 27KB - Virtual size: 26KB

.reloc
Size: 512B - Virtual size: 12B