Behavioral task
behavioral1
Sample
NEAS.47df846f2474f2d5f3740bab34809780.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
NEAS.47df846f2474f2d5f3740bab34809780.exe
Resource
win10v2004-20230915-en
General
-
Target
NEAS.47df846f2474f2d5f3740bab34809780.exe
-
Size
503KB
-
MD5
47df846f2474f2d5f3740bab34809780
-
SHA1
61a374d20110e81c795b4e030eb68a4557f999e7
-
SHA256
28b32e9aca33e5a25b11cb6969e19a510ae61de995360757f44617e81b3e51ad
-
SHA512
6f1425bb910ca7f5e14ee127eaa9092cb2578180ee2ec0c1a405220e0e1e943bf944bab04861207a03754fe07e2306b37edc071cc98cdb9213a0da0ca66936fe
-
SSDEEP
6144:HVlQoVHWO7MMJlfJIcSOPlgvmZgk/zDg5Ag2X80DMSFsv5mP84kYCs5uUTcPbLUp:1bV9MMJfLESiwPoWTc8ogV9MMJfL
Malware Config
Signatures
-
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
resource yara_rule sample agile_net -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource NEAS.47df846f2474f2d5f3740bab34809780.exe
Files
-
NEAS.47df846f2474f2d5f3740bab34809780.exe.exe windows:4 windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 342KB - Virtual size: 341KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 160KB - Virtual size: 159KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ