Behavioral task
behavioral1
Sample
crunchyroll 16k.zip
Resource
win7-20230220-en
General
-
Target
crunchyroll 16k.zip
-
Size
7.5MB
-
MD5
175b5d04ac39a76484ac7722c5f8b1c5
-
SHA1
fe75e3f718981b2de331e4e3e961a253f1633eb1
-
SHA256
77fc5ec417f5bd3837d0ce042658ab25765b34450e7c08d269b38eec193bff0a
-
SHA512
c52e61e6e25588dd583385d6115484eabdfb9a29a61b9268da4a2e978c32b2283db1c8f0db5f064f46d9ece4d449170a01e98c21b08e568cc07311b99c1e5ee6
-
SSDEEP
196608:zi5QY3cTQGfR+1+bRolV40B2tbhASBoJ9vq0Ha86BRvk:aq3R+1+ClV49RpBov88d
Malware Config
Signatures
-
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource yara_rule static1/unpack001/Crunchyroll_p_.exe agile_net -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/Crunchyroll_p_.exe
Files
-
crunchyroll 16k.zip.zip
-
Crunchyroll_p_.exe.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 2.0MB - Virtual size: 2.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Size: 6.8MB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 304KB - Virtual size: 304KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
crunchyroll 16k.txt