General
Target: b5e68270350dc7a56951b77f9a3b79995a8db3df475b2e821bab48f28103d416.zip
Size: 406KB
MD5: ca8640fd75307f0c94958fce4f583d09
SHA1: 3a97373a6575bcaab7d0848950812a3dc76da506
SHA256: e93c62d59378718561a09bb845d447ce8085efd15b7413d2d4b9ca4913843ca3
SHA512: 638e102a5d189f6e4167ffd8b2ec27ffd024111de97672dd606fd16f51197920d98e92c320b77f272d02704adf3938648dbf7bfd8215a55f9b2a2d5d167daa9d
SSDEEP: 12288:PQIV20dYAyKATk2Z8iDUJqJI24njbV9Ukxj:PQIV20dYApAn8Z/PsG
Malware Config
Signatures
Obfuscated with Agile.Net obfuscator (1 IoC)
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
resource: static1/unpack001/POS.exe
yara_rule: agile_net
Files
b5e68270350dc7a56951b77f9a3b79995a8db3df475b2e821bab48f28103d416.zip (.zip)
Password: infected
POS.exe (.exe, windows, x86)
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: 457KB - Virtual size: 456KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 42KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ