General
-
Target
Araneida.exe
-
Size
22.8MB
-
MD5
9786d9a60eee23198843b481f086b321
-
SHA1
0b2986cbd862a0e19161ed78a9f8a541fb1fcec1
-
SHA256
fd41dc07b772e71d75bb65868152d0dc9f652578d535bf17ee27b02c6079ef1d
-
SHA512
153ffc8f3739b81781206fa4674c4acb9bb379feb32eb0cce807f7e58224c5debd01defafca41f6dbffdb7ad9d860b241f912c36b9ad580ea241ccc53573db10
-
SSDEEP
393216:pX7VGSptnIVZd7p9mdLt/WVi0teZKwnOEGL26VjSQS6yhB4V:RtDGL7p8dai06KRq6RSH6yIV
Malware Config
Signatures
-
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource yara_rule sample agile_net -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource Araneida.exe
Files
-
Araneida.exe.exe windows:4 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
Size: 4.1MB - Virtual size: 4.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 122KB - Virtual size: 122KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 17.9MB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 704KB - Virtual size: 704KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE