General

  • Target

    OverWolf_Crypter.zip

  • Size

    36.5MB

  • MD5

    6d2675dad2efbb61a8209337043cd06d

  • SHA1

    53d9c069729291c6c567082dab3152ff102164dc

  • SHA256

    fb35fa679d6452d6944de5029b1f9c39749d890d3322b90c017d35d78ac7b095

  • SHA512

    07b8d95879a8f92dbbb67b2c9ba84a7cd50e1feeadbdda63f9cabf70e94a5a9496114199088b1f728c40cc797b105d86132e2927f94983df0e32bdd177daeaba

  • SSDEEP

    786432:Ip4PvgSVcZuPrdc9mbxBXv1JvJEbWUGeIfaR5Zsegcx4a+kODq2:IKPvjcuRBb31JvJ2GnsZs5OODB

Score
7/10

Malware Config

Signatures

  • Obfuscated with Agile.Net obfuscator (1 IoC)

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

  • Themida packer (1 IoC)

    Detects Themida, an advanced Windows software protection system.

  • Unsigned PE (7 IoCs)

    Checks for missing Authenticode signature.

Files

  • OverWolf_Crypter.zip
    .zip
    Password: @mvdnecro

  • AntiDebugging.dll
    .dll windows:4 windows x86 arch:x86
    Password: @mvdnecro
    dae02f32a21e03ce65412f6e56942daa

  • Costura.dll
    .dll windows:4 windows x86 arch:x86
    Password: @mvdnecro
    dae02f32a21e03ce65412f6e56942daa

  • Dynamitey.dll
    .dll windows:4 windows x86 arch:x86
    Password: @mvdnecro
    dae02f32a21e03ce65412f6e56942daa

  • FontsInstaller.dll
    .dll .vbs windows:4 windows x86 arch:x86 polyglot
    Password: @mvdnecro
    dae02f32a21e03ce65412f6e56942daa

  • FontsInstaller.xml
    .xml .vbs polyglot

  • Guna.UI.dll
    .dll windows:4 windows x86 arch:x86
    Password: @mvdnecro
    dae02f32a21e03ce65412f6e56942daa

  • Guna.UI2.dll
    .dll windows:4 windows x86 arch:x86
    Password: @mvdnecro
    dae02f32a21e03ce65412f6e56942daa

  • ILMerge.exe
    .exe windows:4 windows x86 arch:x86
    Password: @mvdnecro
    f34d5f2d4577ed6d9ceec516c1f5a744

  • Newtonsoft.Json.dll
    .dll windows:4 windows x86 arch:x86
    Password: @mvdnecro
    dae02f32a21e03ce65412f6e56942daa

  • OverWolf Crypter 1.1.exe
    .exe windows:4 windows x86 arch:x86

  • System.Diagnostics.DiagnosticSource.dll
    .dll windows:4 windows x86 arch:x86
    dae02f32a21e03ce65412f6e56942daa

  • System.Security.Principal.Windows.dll
    .dll windows:4 windows x86 arch:x86
    dae02f32a21e03ce65412f6e56942daa

  • System.Web.Optimization.dll
    .dll windows:4 windows x86 arch:x86
    dae02f32a21e03ce65412f6e56942daa

  • dnlib.dll
    .dll windows:4 windows x86 arch:x86
    dae02f32a21e03ce65412f6e56942daa