ByfronKiller[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ByfronKiller.exe
Size

7.0MB
MD5

abf02cafb30dfdf47c5bd761a52643e6
SHA1

9042ae3134133d856dab5a2dc013e0af31ecd0b4
SHA256

8008e3c25fa3dee6038256c91e12d5f39275f008cd9b3920512242989b12ab17
SHA512

e7c76f98554b4a27a8c18f2204cf403de09c042f6acb15634d9236e0e5228eebd39782729c92ea2b40b16a2ad83b074da1af62a439c08a5e8a78b7ea08da9a1b
SSDEEP

98304:8B2pC6XG4HNkq5UKPhc24Y1/QPldHVTgPNhV0ADXqQgpkWDRIZVMnu0jjD8ueJUJ:lcUG4raKu24YY7HVT4hV0AD6QgqKRgXo

Score

7^/10

agilenet

Malware Config

Signatures

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

resource	yara_rule
sample	agile_net

Files

ByfronKiller.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

03:e8
Certificate

Issuer

Not Before

26/03/2023, 19:07

Not After

25/03/2024, 19:07

Subject

CN=Microsoft Corporation

05:02:4f:c2:ab:95:f8:13:b8:39:11:dd:ee:a2:84:e7:c9:a3:fb:06
Signer

Actual PE Digest

05:02:4f:c2:ab:95:f8:13:b8:39:11:dd:ee:a2:84:e7:c9:a3:fb:06

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 7.0MB - Virtual size: 7.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ