Behavioral task
behavioral1
Sample
e0d1e04b91930625c7fe0ad3698792a9cdb9c827e572c5c04ef0700b967912a2.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
e0d1e04b91930625c7fe0ad3698792a9cdb9c827e572c5c04ef0700b967912a2.exe
Resource
win10v2004-20221111-en
General
Target
e0d1e04b91930625c7fe0ad3698792a9cdb9c827e572c5c04ef0700b967912a2
Size
501KB
MD5
0e788dd82676738ee3a0182aaade9363
SHA1
80df1c5382a8d19084e1ad4a1ceccf3acb537086
SHA256
e0d1e04b91930625c7fe0ad3698792a9cdb9c827e572c5c04ef0700b967912a2
SHA512
d2ccef2a016106c28af3aa4aadb1207fd3c86fed5a2b38a7e9501e9a38cd168e9bebe85b75b2748b304c0220060aca12db94d427a98898e3ede20c54412a6c49
SSDEEP
12288:CZmGFxZLgamfylaI0wqRu7Fwrhqkx4Nl8O1ccatS4RXKb/jQhvZn:8tFxufylaIPqR+F8yBrYRab/UhR
Malware Config
Signatures
Obfuscated with Agile.Net obfuscator (1 IoC)
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource: sample; yara_rule: agile_net
Files
e0d1e04b91930625c7fe0ad3698792a9cdb9c827e572c5c04ef0700b967912a2.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 215KB - Virtual size: 214KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 285KB - Virtual size: 285KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ