Behavioral task: behavioral1
Sample: notepad (2).exe
Resource: win7-20240705-en
General
Target: notepad (2).exe
Size: 7.7MB
MD5: 9d7fef66dc4986975e8fafbd9662f3ba
SHA1: 2f3f244cc09c7470ba143dff36252089d4894e49
SHA256: 3b580645f8fc0d21da5ef9c755f4d4b794434305dc0e507e13c67ef6bc03f4b8
SHA512: ef983275a0ed6c389e1568e8f7b6c3d22bf9214fe1939f979715d392f115d3ab7ed27168035747c8130242c87a12666dc4d301ab490901b3bda127d82af76580
SSDEEP: 196608:QysjwLcUG4raKu24YY7HVT4hV0AD6QgqKRgX:fRmKr4YYH+EUWpgX
Malware Config
Signatures
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource yara_rule sample agile_net -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource notepad (2).exe
Files
notepad (2).exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 7.6MB - Virtual size: 7.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 102KB - Virtual size: 101KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ