56fc38d12ae82e548f007c641ed29d59e0ef60920d9351023df48ae21feedd76 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

56fc38d12ae82e548f007c641ed29d59e0ef60920d9351023df48ae21feedd76
Size

36KB
MD5

ad087989f735416004a2704492e2ed32
SHA1

f2aec44e1d330551fe8edb68764fca9380d755a9
SHA256

56fc38d12ae82e548f007c641ed29d59e0ef60920d9351023df48ae21feedd76
SHA512

5d5220ae500f1d3d773d8559b3fd8daf6c1c3498540e5253cbba55d680ed3c019f1343c45908569a8e0ac5fc1a07e5d07a03de79e6de5aa43325d1ea2c0772c4
SSDEEP

768:aABjThWbFOcFiHVf8Ys429cSiih9kEiIeT:aANcbFvFi1fhOcSf9Zi9T

Score

7^/10

agilenet

Malware Config

Signatures

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

resource	yara_rule
sample	agile_net

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
56fc38d12ae82e548f007c641ed29d59e0ef60920d9351023df48ae21feedd76

Files

56fc38d12ae82e548f007c641ed29d59e0ef60920d9351023df48ae21feedd76
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Develop11\WAF\WAFService\WAFHost\obj\Release\novapdfs.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ