f8b2a71a34172076cc65f15d14ed43099a1ddf0a294ffe34c6004ae430a10317[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

f8b2a71a34172076cc65f15d14ed43099a1ddf0a294ffe34c6004ae430a10317.zip
Size

16.8MB
MD5

411c42df8bb6b851d363a8669318f5fd
SHA1

d8bc9470f380d7cc5863810ed834e0831f296661
SHA256

f8b2a71a34172076cc65f15d14ed43099a1ddf0a294ffe34c6004ae430a10317
SHA512

bb450df92f7f2e6fa06bd11d72e37561126f7fc63138ebb838f0af5327dd97ed25fac82513ce5bb695d843dda7469afbba26785b4d49745fd5f0f3b15fdbb7c1
SSDEEP

393216:L7d1ETEkmpnpdtIJPAIf5MV6oub01DKYPB+yBjw1KTqdn:1STWJpdtC4Ifa9oo+oBjwR

Score

10^/10

agilenet

Malware Config

Signatures

Detects executables packed with Agile.NET / CliSecure 1 IoCs

resource	yara_rule
static1/unpack001/Installer.exe	INDICATOR_EXE_Packed_AgileDotNet

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

resource	yara_rule
static1/unpack001/Installer.exe	agile_net

Files

f8b2a71a34172076cc65f15d14ed43099a1ddf0a294ffe34c6004ae430a10317.zip
.zip
Installer.exe
.exe windows:4 windows x64 arch:x64

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

58:36:77:38:b9:50:3a:2a:a9:cf:c7:71:b3:c1:9e:11
Certificate

Issuer

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

22-12-2023 15:50

Not After

21-12-2024 15:50

Subject

SERIALNUMBER=0000491343,CN=SLIM DOG SP Z O O,O=SLIM DOG SP Z O O,L=Warszawa,ST=Masovian Voivodeship,C=PL,1.3.6.1.4.1.311.60.2.1.3=#1302504c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

Issuer

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

26-03-2019 17:44

Not After

22-03-2034 17:44

Subject

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4b
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

09-12-2022 18:30

Not After

06-12-2032 18:30

Subject

CN=SSL.com Timestamping Unit 2022,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13-11-2019 18:50

Not After

12-11-2034 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bb:a4:c2:e4:e3:6b:7c:ad:00:2a:16:13:20:bf:2e:9e:bc:32:41:55:9f:89:0e:db:65:71:52:40:55:03:08:c0
Signer

Actual PE Digest

bb:a4:c2:e4:e3:6b:7c:ad:00:2a:16:13:20:bf:2e:9e:bc:32:41:55:9f:89:0e:db:65:71:52:40:55:03:08:c0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 17.6MB - Virtual size: 17.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 310.1MB - Virtual size: 310.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

58:36:77:38:b9:50:3a:2a:a9:cf:c7:71:b3:c1:9e:11Certificate

Extended Key Usages

Key Usages

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04Certificate

Extended Key Usages

Key Usages

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4bCertificate

Extended Key Usages

Key Usages

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56Certificate

Extended Key Usages

Key Usages

bb:a4:c2:e4:e3:6b:7c:ad:00:2a:16:13:20:bf:2e:9e:bc:32:41:55:9f:89:0e:db:65:71:52:40:55:03:08:c0Signer

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 17.6MB - Virtual size: 17.6MB

.rsrc Size: 310.1MB - Virtual size: 310.1MB

.reloc Size: 512B - Virtual size: 12B

58:36:77:38:b9:50:3a:2a:a9:cf:c7:71:b3:c1:9e:11
Certificate

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4b
Certificate

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

bb:a4:c2:e4:e3:6b:7c:ad:00:2a:16:13:20:bf:2e:9e:bc:32:41:55:9f:89:0e:db:65:71:52:40:55:03:08:c0
Signer

.text
Size: 17.6MB - Virtual size: 17.6MB

.rsrc
Size: 310.1MB - Virtual size: 310.1MB

.reloc
Size: 512B - Virtual size: 12B