Behavioral task
behavioral1
Sample
b6ae15ab999b2dd5398dd62de1a92179.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
b6ae15ab999b2dd5398dd62de1a92179.exe
Resource
win10v2004-20240226-en
General
-
Target
b6ae15ab999b2dd5398dd62de1a92179
-
Size
33KB
-
MD5
b6ae15ab999b2dd5398dd62de1a92179
-
SHA1
27de86591832a8688660372bf9ae930560b0ea4c
-
SHA256
579ae9a57dd87fe89a5ac05f9a2aa235ba0ca7886d63a485d68adc17a2bf2357
-
SHA512
8b4d8b3264f71d70564b842f5c75967643149b12907f9a2e3a1f8e631d0d92f47059bfd74157545bdb6f4ad0c2ce96cb5d0c70610f61dcf86f5a1b914a483811
-
SSDEEP
768:AHdF/wBIOnkujXAIUGpKzERLziyS1WTJy7s:A9h8tjXfQzs3uWSs
Malware Config
Signatures
-
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource yara_rule sample agile_net -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource b6ae15ab999b2dd5398dd62de1a92179
Files
-
b6ae15ab999b2dd5398dd62de1a92179.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 30KB - Virtual size: 30KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ