Behavioral task
behavioral1
Sample
Multi-X_v1.2-Unpacked.exe
Resource
win10v2004-20230220-en
General
-
Target
Multi-X_v1.2-Unpacked.exe
-
Size
24.6MB
-
MD5
cf386e252de869bbcd0f226a95857509
-
SHA1
6ebbaff3e4448c73b89298d5fb972d18026a40e8
-
SHA256
cc4efaaba90c0141aecfe2992543ffdc9b80b20d8213b51f52606861fd5bad89
-
SHA512
9b5073709369822113004d7a5bde324234a3d7e98b5e69f1abaa4a4f7c75ef98ad75cc38fa6bb8ed882299d05be6e46d5593c48595f2b3e1e1edb75368e4dce6
-
SSDEEP
196608:fhuGzT1iRHmGUDXeOaJVivbsv6wX7KAltYBMzm0k1ipuQxYWMs+y4A:fhueqGxDXeJJV2wF88Ispuy
Malware Config
Signatures
-
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource yara_rule sample agile_net
Files
-
Multi-X_v1.2-Unpacked.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 8.3MB - Virtual size: 8.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 106KB - Virtual size: 106KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ