Behavioral task: behavioral1
Sample: 2d6a03aa9a578344e44a07e10d9b264abb51a3847ed3f264660a0c1b1857e5c7.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 2d6a03aa9a578344e44a07e10d9b264abb51a3847ed3f264660a0c1b1857e5c7.exe
Resource: win10v2004-20221111-en
General
Target: 2d6a03aa9a578344e44a07e10d9b264abb51a3847ed3f264660a0c1b1857e5c7
Size: 255KB
MD5: f46ac1a243dbd99ba7062da53b48e36b
SHA1: c007fef12d4f9afd7bfbaa86ce330ad05e6f3e57
SHA256: 2d6a03aa9a578344e44a07e10d9b264abb51a3847ed3f264660a0c1b1857e5c7
SHA512: 48047b13bbb90daacc52869cee62b295b60d775c4a7640c57e3e4dac160f6b62e7249c48dad3eb1e6c2f35af8fc650f90b6cbee045437f4f21f79107d7207eca
SSDEEP: 6144:/lIa13U16XmP1DdVmdK4wuT/w5WgvNaU7X9h:l13UYXmP1q04wxVkUZh
Malware Config
Signatures
Obfuscated with Agile.Net obfuscator (1 IoC)
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource: sample, yara_rule: agile_net
Files
2d6a03aa9a578344e44a07e10d9b264abb51a3847ed3f264660a0c1b1857e5c7.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 186KB - Virtual size: 186KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ