9d3e7e4995d60cb9f6d3ec26041221bf6e7787f97f275db5d00d13c0a71ad2f9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9d3e7e4995d60cb9f6d3ec26041221bf6e7787f97f275db5d00d13c0a71ad2f9
Size

5.6MB
MD5

6b5acc35ad6deaa4b8036321f27cdc77
SHA1

80707e9e0dab32c59bde737616a35d7eefcb41ac
SHA256

9d3e7e4995d60cb9f6d3ec26041221bf6e7787f97f275db5d00d13c0a71ad2f9
SHA512

6be0d734b9a84926ac945347ace63903997d73c9772a7d40a4e5b3494e241ff7279b46ad5090c72937ab8354a93c3fc0f1d9652e677224247340247e5e58eb26
SSDEEP

98304:gAgwgQgwgQgwgQgwgQgwgQkkxWPEOnA0XjEhJr9/lfi7oh2B6RkNmMrTfp7ZP4GC:1gwgQgwgQgwgQgwgQgwgQkGiEOA599fy

Score

7^/10

agilenet

Malware Config

Signatures

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

resource	yara_rule
sample	agile_net

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9d3e7e4995d60cb9f6d3ec26041221bf6e7787f97f275db5d00d13c0a71ad2f9

Files

9d3e7e4995d60cb9f6d3ec26041221bf6e7787f97f275db5d00d13c0a71ad2f9
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\elt\_MainDrive\__RevZone\RevZoneManage\Desktop\RevZoneManage2024\SWManageDataService\obj\Release\SWM.DataService.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ