Behavioral task
behavioral1
Sample
Server.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
Server.exe
Resource
win10v2004-20230703-en
General
-
Target
Server.exe
-
Size
7.0MB
-
MD5
207464494ff8b63ce762059e5b8c853e
-
SHA1
fe1b95c80caed64e7455aa2594d03a21f6abf588
-
SHA256
7b4955289439ffecf471bd4406e8814cc5b1fc510f7f4b2db1c533756c6fff47
-
SHA512
35d7dd4b134314210348edd57950cdd3adb4ac7bb042c4e4ffd3ceb40d966fab926c0d8747123b4bee859bd150c80a69ef7ad4b26a6a890c11d2e3f0a2612481
-
SSDEEP
98304:EB2pC6XG4HNkqUUKPhc24Y1/QPldHVTgPNhV0ADXqQgpkWDRIZVMnu0jjD8ueJU:tcUG4rHKu24YY7HVT4hV0AD6QgqKRgX
Malware Config
Signatures
-
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
resource yara_rule sample agile_net -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Server.exe
Files
-
Server.exe.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 7.0MB - Virtual size: 7.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ