General

  • Target

    De4dot [Modded ArmDot].rar.zip

  • Size

    1.6MB

  • MD5

    65eac0d399f8d77cdd49c0fe9be0d3ef

  • SHA1

    3dbf25c4f491318b4434a6d38535fa3ca238a3e4

  • SHA256

    36af16f1951a6edc1cbcd5a15c4bc1a68b2ce829a632e5ff2f37cf2167eac659

  • SHA512

    9f351feb4ba5aa897d2e697b0b7d6426591d3671761ae557e2ad3f2f6fd4dc9a7c351fae6de12cd18702bf16527887c03e57200f329f85f3f08596f8690192b8

  • SSDEEP

    49152:4JxKaBzsLRFbwBulRxN/1hvztB0WDoSzSohNP4Kp7odiw3iBTqt:4JxKaR+R5BUmrLNoUw2ut

Score
7/10

Malware Config

Signatures

  • Obfuscated with Agile.Net obfuscator 1 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

  • Unsigned PE 14 IoCs

    Checks for missing Authenticode signature.

Files

  • De4dot [Modded ArmDot].rar.zip
    .zip

    Password: infected

  • De4dot [Modded ArmDot].rar
    .rar

    Password: infected

  • De4dot [Modded ArmDot]/AssemblyData.dll
    .dll windows:4 windows x86 arch:x86

    Password: infected

    dae02f32a21e03ce65412f6e56942daa

  • De4dot [Modded ArmDot]/AssemblyServer-CLR20-x64.exe
    .exe windows:4 windows x64 arch:x64

    Password: infected

  • De4dot [Modded ArmDot]/AssemblyServer-CLR20-x64.exe.config
    .xml
  • De4dot [Modded ArmDot]/AssemblyServer-CLR20.exe
    .exe windows:4 windows x86 arch:x86

    Password: infected

    f34d5f2d4577ed6d9ceec516c1f5a744

  • De4dot [Modded ArmDot]/AssemblyServer-CLR20.exe.config
    .xml
  • De4dot [Modded ArmDot]/AssemblyServer-CLR40-x64.exe
    .exe windows:4 windows x64 arch:x64

    Password: infected

  • De4dot [Modded ArmDot]/AssemblyServer-CLR40-x64.exe.config
    .xml
  • De4dot [Modded ArmDot]/AssemblyServer-CLR40.exe
    .exe windows:4 windows x86 arch:x86

    Password: infected

    f34d5f2d4577ed6d9ceec516c1f5a744

  • De4dot [Modded ArmDot]/AssemblyServer-CLR40.exe.config
    .xml
  • De4dot [Modded ArmDot]/AssemblyServer-x64.exe
    .exe windows:4 windows x64 arch:x64

    Password: infected

  • De4dot [Modded ArmDot]/AssemblyServer-x64.exe.config
    .xml
  • De4dot [Modded ArmDot]/AssemblyServer.exe
    .exe windows:4 windows x86 arch:x86

    Password: infected

    f34d5f2d4577ed6d9ceec516c1f5a744

  • De4dot [Modded ArmDot]/AssemblyServer.exe.config
    .xml
  • De4dot [Modded ArmDot]/de4dot -64.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

  • De4dot [Modded ArmDot]/de4dot-x64.exe.config
    .xml
  • De4dot [Modded ArmDot]/de4dot.blocks.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa

  • De4dot [Modded ArmDot]/de4dot.code.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa

  • De4dot [Modded ArmDot]/de4dot.cui.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa

  • De4dot [Modded ArmDot]/de4dot.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

  • De4dot [Modded ArmDot]/de4dot.exe.config
    .xml
  • De4dot [Modded ArmDot]/de4dot.mdecrypt.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa

  • De4dot [Modded ArmDot]/dnlib.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa