General
-
Target
Teleshadow 3.exe
-
Size
4.5MB
-
MD5
ed813189205c0d0e961d3eb7ae208dde
-
SHA1
75f737f1291552a5d44204d30809831e2c29e44f
-
SHA256
c9b7567230206f52f560d5ccf21c9b2022ae65d0411b30b8e4374e64b34e7bd2
-
SHA512
e130ca10c887800bf25652f8eea98c77414d17d7cc0f692067e236d13cc3530c4efb51c3982fc91e998e177db60e766001c56252eea981045791d28cde1aeb7b
-
SSDEEP
49152:4/s254Tb+KZXfSTZXY6tI1/a16Tl8sKs9F1zUADvLJeIG2ko/kBJHNti/N5U/kM3:4/s5S5UR8gzDD8IkVBJe1YZ
Malware Config
Signatures
-
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
resource yara_rule sample agile_net -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Teleshadow 3.exe
Files
-
Teleshadow 3.exe.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
.text Size: 489KB - Virtual size: 489KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 109KB - Virtual size: 109KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.enigma1 Size: 3.7MB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.enigma2 Size: 272KB - Virtual size: 272KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE