Behavioral task: behavioral1
Sample: c8b405bcb1a9991a1f1f083c028efbb2359ca94e4c3886793501c89f70785178.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: c8b405bcb1a9991a1f1f083c028efbb2359ca94e4c3886793501c89f70785178.exe
Resource: win10v2004-20220812-en
General
Target: c8b405bcb1a9991a1f1f083c028efbb2359ca94e4c3886793501c89f70785178
Size: 188KB
MD5: 4b0f500a9ea0169e30a30b47b108edf1
SHA1: aaf7baf94d7d48af6c4d87dfa8d785f26030a723
SHA256: c8b405bcb1a9991a1f1f083c028efbb2359ca94e4c3886793501c89f70785178
SHA512: 716dac15667c08bee857d987c5a83af0af710740fcf1f57a4f10ab8c7bf8ea5ef39bff937e834fb007b077ea8274241f3cc733242b234a4f9e800c17908cbffb
SSDEEP: 3072:XlIcjJpqBXalxG2HghAOg5Lt+BOiVpTaTuZHn9/wRndcgU7E:XlIOABXalctgF6wuT/w5Wg
Malware Config
Signatures
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource: sample
yara_rule: agile_net
Files
c8b405bcb1a9991a1f1f083c028efbb2359ca94e4c3886793501c89f70785178.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 185KB - Virtual size: 185KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ