Behavioral task: behavioral1
Sample: 821695f1c5cfee3bdb0ce172888bfc251b30ac7d8e6939bae92a3d8f5dbdfdd0.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: 821695f1c5cfee3bdb0ce172888bfc251b30ac7d8e6939bae92a3d8f5dbdfdd0.exe
Resource: win10v2004-20221111-en
General
Target: 821695f1c5cfee3bdb0ce172888bfc251b30ac7d8e6939bae92a3d8f5dbdfdd0
Size: 984KB
MD5: 87d560227997de8e57d799b8178ac919
SHA1: 5e108f5bb3a6b322cf0fb15f11b4aac0601f2102
SHA256: 821695f1c5cfee3bdb0ce172888bfc251b30ac7d8e6939bae92a3d8f5dbdfdd0
SHA512: e32ba7e8fa89495456554d1d582b2391ba63e054e22d56e1c070c8a9cb93a72a5780c9a13f2717b9bf4b7f3eee7189123dab50ae6e1bbdc02e70fba01392dc65
SSDEEP: 24576:9GxoANniFtffKpES0kkeslO864hKHTYfX2QE:9GDU0H0kke6OwhCkfm
Malware Config
Signatures
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource: sample
yara_rule: agile_net
Files
821695f1c5cfee3bdb0ce172888bfc251b30ac7d8e6939bae92a3d8f5dbdfdd0.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 982KB - Virtual size: 981KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ