C:\Users\Administrator\source\repos\GigaLifeUnli\GigaLifeUnli\bin\Debug\Secured\GigaLifeUnli.pdb
Behavioral task
behavioral1
Sample
b10436ebe8849d347c9e82c25b118bc6.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
b10436ebe8849d347c9e82c25b118bc6.exe
Resource
win10v2004-20240226-en
General
-
Target
b10436ebe8849d347c9e82c25b118bc6
-
Size
228KB
-
MD5
b10436ebe8849d347c9e82c25b118bc6
-
SHA1
2a95655895679de2f45600d2dde6ec78c112eaa0
-
SHA256
7c78f6c7c4f21544b4958eb35cbd32b82b524d931af2caba7632fa8c6dd07209
-
SHA512
12226f20d532df3ef08e26c1fa9d847137017783bae1e0f15673aa5878333263eef3e132357fe6baabe0826598a9fd43e79f60445e1593154e7d423263253223
-
SSDEEP
6144:VUVevCzfet3Agp0q9ygbX+1RzDU884gN:CevCzsaMJcR/V84+
Malware Config
Signatures
-
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource yara_rule sample agile_net -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource b10436ebe8849d347c9e82c25b118bc6
Files
-
b10436ebe8849d347c9e82c25b118bc6.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 207KB - Virtual size: 206KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ