498faf791abff5cc694e597a1dd42ac5[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

498faf791abff5cc694e597a1dd42ac5.exe
Size

1019KB
MD5

498faf791abff5cc694e597a1dd42ac5
SHA1

45b68f43265e6c95fd612226e062e7f256292ea4
SHA256

288cb3a54809f463f24fd8d0e72bb6bb52100a7c8b404375bdb594c1247ca290
SHA512

6a3af07d0e07d1b0276dec5af6a48810b88bbcebd308fe7d4d3b04aa28fb2953ad05e6718c52189b6985c4d73ffb9cd3cb968df5ccf2caf4cc812338ea3fcdf2
SSDEEP

6144:kGfojd3OW3sWERlRg2UkxChx4ZfAb7nC0WEG05iTe1Z:jm3V3sz0VkxChx4S95dP

Score

7^/10

agilenet

Malware Config

Signatures

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

resource	yara_rule
sample	agile_net

Files

498faf791abff5cc694e597a1dd42ac5.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3c:6a:86:79:f7:b3:fa:a3:ab:61:e2:13
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

10/07/2019, 06:15

Not After

10/10/2022, 06:15

Subject

SERIALNUMBER=1089847274439,CN=Initeks\, OOO,O=Initeks\, OOO,STREET=Prospect Komendantsky\, 51/1\, office 300,L=Saint Petersburg,ST=Saint Petersburg,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13105361696e742050657465727362757267,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

98:5c:1a:11:62:48:65:be:3d:c0:72:21:b5:03:74:93:24:76:34:93:c6:c6:df:0e:16:35:63:72:a1:f8:66:13
Signer

Actual PE Digest

98:5c:1a:11:62:48:65:be:3d:c0:72:21:b5:03:74:93:24:76:34:93:c6:c6:df:0e:16:35:63:72:a1:f8:66:13

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 881KB - Virtual size: 881KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

3c:6a:86:79:f7:b3:fa:a3:ab:61:e2:13Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

98:5c:1a:11:62:48:65:be:3d:c0:72:21:b5:03:74:93:24:76:34:93:c6:c6:df:0e:16:35:63:72:a1:f8:66:13Signer

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 129KB - Virtual size: 129KB

.rsrc Size: 881KB - Virtual size: 881KB

.reloc Size: 512B - Virtual size: 12B

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

3c:6a:86:79:f7:b3:fa:a3:ab:61:e2:13
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

98:5c:1a:11:62:48:65:be:3d:c0:72:21:b5:03:74:93:24:76:34:93:c6:c6:df:0e:16:35:63:72:a1:f8:66:13
Signer

.text
Size: 129KB - Virtual size: 129KB

.rsrc
Size: 881KB - Virtual size: 881KB

.reloc
Size: 512B - Virtual size: 12B