K[.]G[.]B MalwareShield[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

K.G.B MalwareShield.zip
Size

1.4MB
MD5

e7eaf03f6c686a3fc15a112fde411687
SHA1

0e1dc9e90c62fdc48bdf265aaf8288b104105459
SHA256

f7b38b50fca4257c95e6d62d340ad627d32b262f80cd844ed3f91e500a55fd96
SHA512

9f1eb780116d0204c0e8fc110e8dd2ffb2ff4c039b284ffead032cdbb93198c76f2561bf6068c832e17b21489265e96fb586f1d60baf33137ec8f76ebdd83565
SSDEEP

24576:SGA9Na6xbZxpjl7kIIT4TqU9hkg6/QE0cbODhZGiErmZf+7stxVwoYhG:wNa6Jpjl2T417i/QE0cqDhrErGYoAG

Score

7^/10

agilenet

Malware Config

Signatures

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

resource	yara_rule
static1/unpack001/K.G.B MalwareShield.exe	agile_net

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/K.G.B MalwareShield.exe

Files

K.G.B MalwareShield.zip
.zip
K.G.B MalwareShield.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

OW%]@
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.TzmE
Size: 512B - Virtual size: 134B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

GD
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.null
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ