Final_Exo[.]exe | Triage

Sharing

General

Target

Final_Exo.exe
Size

11.6MB
MD5

95ca9ea4df718e942a9469809d4d3f0c
SHA1

3b10fcdad8200b06a819cce0ef2927e8ac2b41e4
SHA256

2bde57f6947faaf82ac15c44168284560b7b0f4178a17aaeb6ff7347528127eb
SHA512

085d634494aae323d7a632659aea6b4e61a77e7b5e960d7654b6e8dc1c32e9e2cac6c89535844b8011e3e1a5e5a027312eff03698226c2a206d436bcaa7e1cad
SSDEEP

196608:K2GXWNwlpIKEmpYg0nSKOfF8UNQfjzWdRlASRXUGTgT1LglvZkgrc:KFMdSQnSzmUNSjzlSRFKglhkgI

Score

7^/10

agilenet

Malware Config

Signatures

Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
agilenet

Processes:

resource yara_rule

sample agile_net
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

Final_Exo.exe

Files

Final_Exo.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

|-\}G
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 9.7MB - Virtual size: 9.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.SZlG
Size: 512B - Virtual size: 134B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.null
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ