Vanity[.]rar | Triage

Sharing

General

Target

Vanity.rar
Size

11.7MB
MD5

07f3a6d96e56f6695335fdd22ac587bd
SHA1

a7a5aba54e4ec66ffdc29e60e0e3d055e6830a3f
SHA256

add6e9e95141df4155a54be4fe05c9226e97967aeabce83ec313903e88c7a058
SHA512

1cf040ad3b120e195d433d2d27fa6821a19ee59fee9c2827491e8d1fa1af660eaca0228358b2f2ba3879b649e9cbcb51131bbbe46319fafa2656b1201ff51c8a
SSDEEP

196608:Wsh7cQuOtr4wGrJ65AVPACcFqgN1JWy5pp4Fx4RWo6iu9REhCcycslCvg9daUgfJ:W47BuOit62VPDcFqk1t5TGxX2yR2pycz

Score

7^/10

agilenet

Malware Config

Signatures

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

resource	yara_rule
static1/unpack001/Vanity/Vanity.exe	agile_net

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Vanity/Vanity.exe

Files

Vanity.rar
.rar
Vanity/Readme.txt
Vanity/Vanity.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 10.6MB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 704KB - Virtual size: 704KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Vanity/skins.KSZ