Behavioral task
behavioral1
Sample
252dbf19133d7c806d2d735d45a4b541beb0e823e390716ec669a753119323df.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
252dbf19133d7c806d2d735d45a4b541beb0e823e390716ec669a753119323df.exe
Resource
win10v2004-20220901-en
General
Target: 252dbf19133d7c806d2d735d45a4b541beb0e823e390716ec669a753119323df
Size: 1.0MB
MD5: ba94b8d9b8240b4958e493f20dcd1661
SHA1: e188dea55d097009b49a6e809c288aa700fd2119
SHA256: 252dbf19133d7c806d2d735d45a4b541beb0e823e390716ec669a753119323df
SHA512: 666e64995c70cc08d5cee97aeda9d8ebeba5d2f04974eb25104d1683c01fde8af11aab1e8a0dd600d5ace5d70c46b97b54ee9db5f4cd65675f8808d2061b5298
SSDEEP: 24576:P+nIKZfldGM5sEvSI+k4rRrDW1c9wBmTGNN5:PaIUldGraSI+jlrS1c9wz5
Malware Config
Signatures
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource: sample; yara_rule: agile_net
Files
252dbf19133d7c806d2d735d45a4b541beb0e823e390716ec669a753119323df.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ