Behavioral task: behavioral1
Sample: 76a696210940c2f1558c70d406bf8b8ebd3333d74b67502e791175edfd0e4496.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 76a696210940c2f1558c70d406bf8b8ebd3333d74b67502e791175edfd0e4496.exe
Resource: win10v2004-20220901-en
General
Target: 76a696210940c2f1558c70d406bf8b8ebd3333d74b67502e791175edfd0e4496
Size: 456KB
MD5: 66000acbc2d8fae43155f8e9461f4a1e
SHA1: dc658b6e6614a26460dbb898a8d8a1204a927aef
SHA256: 76a696210940c2f1558c70d406bf8b8ebd3333d74b67502e791175edfd0e4496
SHA512: a2114011dc49a378b8db83b32d104a143080d7d67b5abe4ec319bfb46a04bc3ff6b1e9828c3946883687bedc729ebc706a240be471f495e603b19ef7984cd060
SSDEEP: 6144:d1wIrX4QjBeub+7lgqocKHe3VLOalVCC8MIJtWxqie3sMeTAZi5rEhS89wp7Y2NW:d1wIroEn+7lgAVCC8MIJtWQteG0/Yb
Malware Config
Signatures
Obfuscated with Agile.Net obfuscator (1 IoC)
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource: sample, yara_rule: agile_net
Files
76a696210940c2f1558c70d406bf8b8ebd3333d74b67502e791175edfd0e4496.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 452KB - Virtual size: 452KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ