Behavioral task
behavioral1
Sample
Final_Exo.exe
Resource
win7-20240220-en
General
Target
Final_Exo.exe
Size
11.6MB
MD5
95ca9ea4df718e942a9469809d4d3f0c
SHA1
3b10fcdad8200b06a819cce0ef2927e8ac2b41e4
SHA256
2bde57f6947faaf82ac15c44168284560b7b0f4178a17aaeb6ff7347528127eb
SHA512
085d634494aae323d7a632659aea6b4e61a77e7b5e960d7654b6e8dc1c32e9e2cac6c89535844b8011e3e1a5e5a027312eff03698226c2a206d436bcaa7e1cad
SSDEEP
196608:K2GXWNwlpIKEmpYg0nSKOfF8UNQfjzWdRlASRXUGTgT1LglvZkgrc:KFMdSQnSzmUNSjzlSRFKglhkgI
Malware Config
Signatures
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource: sample, yara_rule: agile_net
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource: Final_Exo.exe
Files
Final_Exo.exe.exe windows:4 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
|-\}G Size: 1.9MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 9.7MB - Virtual size: 9.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 33KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.SZlG Size: 512B - Virtual size: 134B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.null Size: 512B - Virtual size: 276B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ