C:\Users\gdorc\source\repos\Bat2Exe\obj\Release\Bat2Exe.pdb
Overview
overview
7Static
static
7Bat2Exe/Bat2Exe.exe
windows7-x64
7Bat2Exe/Bat2Exe.exe
windows10-2004-x64
7Bat2Exe/Guna.UI2.dll
windows7-x64
1Bat2Exe/Guna.UI2.dll
windows10-2004-x64
1Bat2Exe/ND...ns.dll
windows7-x64
1Bat2Exe/ND...ns.dll
windows10-2004-x64
1Bat2Exe/bytepress.exe
windows7-x64
1Bat2Exe/bytepress.exe
windows10-2004-x64
1Bat2Exe/by...ib.dll
windows7-x64
1Bat2Exe/by...ib.dll
windows10-2004-x64
1Bat2Exe/hi.bat
windows7-x64
1Bat2Exe/hi.bat
windows10-2004-x64
1Behavioral task
behavioral1
Sample
Bat2Exe/Bat2Exe.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Bat2Exe/Bat2Exe.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
Bat2Exe/Guna.UI2.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
Bat2Exe/Guna.UI2.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
Bat2Exe/NDesk.Options.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
Bat2Exe/NDesk.Options.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
Bat2Exe/bytepress.exe
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
Bat2Exe/bytepress.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral9
Sample
Bat2Exe/bytepress.lib.dll
Resource
win7-20240215-en
Behavioral task
behavioral10
Sample
Bat2Exe/bytepress.lib.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral11
Sample
Bat2Exe/hi.bat
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
Bat2Exe/hi.bat
Resource
win10v2004-20240226-en
General
-
Target
7eb00b7ad3e74699e097811a26612aec.bin
-
Size
1.0MB
-
MD5
7eb00b7ad3e74699e097811a26612aec
-
SHA1
ded78bff1f55b9d93a450d9bfd6bae61b9894ef9
-
SHA256
92567bcd3b474633dc4b821c7a7b1c294a1a74f8dc8ae1ebb71199ee06cc87eb
-
SHA512
0a7181b300b1d9df84b0ef6c229c19eeba0602141ed1df2277020e914aedb36cae7ffd31446399889732b6f565f7fd4b21abf7a88e07f548b4d99b981e344fbd
-
SSDEEP
24576:d6rDK9MEjp68XMEbJbrbKSLhf2mI6H1jGY8xq5vxfF:KmthVbJbrxh5jHQY8xq55fF
Malware Config
Signatures
-
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource yara_rule static1/unpack001/Bat2Exe/Guna.UI2.dll agile_net -
Unsigned PE 4 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/Bat2Exe/Bat2Exe.exe unpack001/Bat2Exe/NDesk.Options.dll unpack001/Bat2Exe/bytepress.exe unpack001/Bat2Exe/bytepress.lib.dll
Files
-
7eb00b7ad3e74699e097811a26612aec.bin.zip
Password: infected
-
Bat2Exe/Bat2Exe.exe.exe windows:4 windows x86 arch:x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 262KB - Virtual size: 261KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 207KB - Virtual size: 206KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bat2Exe/Guna.UI2.dll.dll windows:4 windows x86 arch:x86
Password: infected
dae02f32a21e03ce65412f6e56942daa
Code Sign
7a:98:1b:7d:3e:b4:86:bb:45:84:c4:3c:c9:a8:3f:dbCertificate
IssuerCN=Sobatdata Root CANot Before23-10-2019 05:22Not After22-10-2025 17:00SubjectCN=Sobatdata Software0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate
IssuerCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before01-01-2021 00:00Not After06-01-2031 00:00SubjectCN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before07-01-2016 12:00Not After07-01-2031 12:00SubjectCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
e1:54:e5:8f:c4:bf:e9:9b:24:fd:29:be:a9:c2:a7:df:a0:c0:0b:a2Signer
Actual PE Digeste1:54:e5:8f:c4:bf:e9:9b:24:fd:29:be:a9:c2:a7:df:a0:c0:0b:a2Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
C:\Users\Ilham\source\repos\Guna.UI2\Guna.UI2\bin\Release\Secured\Guna.UI2.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 2.0MB - Virtual size: 2.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bat2Exe/Log/info.txt
-
Bat2Exe/Log/log.txt
-
Bat2Exe/NDesk.Options.dll.dll windows:4 windows x86 arch:x86
Password: infected
dae02f32a21e03ce65412f6e56942daa
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
mscoree
_CorDllMain
Sections
.text Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 824B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bat2Exe/Output/info.txt
-
Bat2Exe/Source/info.txt
-
Bat2Exe/bytepress.exe.exe windows:4 windows x86 arch:x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\Admin\Documents\Visual Studio 2017\Projects\bytepress\bytepress\obj\Release\bytepress.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 70KB - Virtual size: 69KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bat2Exe/bytepress.lib.dll.dll windows:4 windows x86 arch:x86
Password: infected
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
C:\Users\Admin\Documents\Visual Studio 2017\Projects\bytepress\bytepress.lib\obj\Release\bytepress.lib.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 920B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bat2Exe/hi.bat
-
Bat2Exe/readme.txt