Sliver 5[.]exe | Triage

Sharing

General

Target

Sliver 5.exe
Size

26KB
MD5

abd39ef226be8e578acac90675358e4f
SHA1

d2c4f530dfa178fcf2996fdf2d6d8c0e446054db
SHA256

ccb9d3a7cc935f66464aa88d4358cbd13bef0826349107d25a91950dd933174c
SHA512

2a68ca7049943eef8e1daad62f988607e20427fb166548bc8358c528cfec0c5cc1a1c7bfdaf98934887ca93881d9315cb1d87b2e89e1c9f98fa554904f829bf8
SSDEEP

384:608VP28hobaQaUMOD8kB5bgkt4yW7XPcLtPbv6nmkbfJPBfwawUZaL+3jb0quH:Dtamft+P0lSnrfJPUUZVe

Score

7^/10

agilenet

Malware Config

Signatures

Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
agilenet

Processes:

resource yara_rule

sample agile_net
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

Sliver 5.exe

Files

Sliver 5.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ