General
Target: Fatal.exe
Size: 8.7MB
MD5: 114476bccedf505f0ab18639e58ac24b
SHA1: feff81dd728d900a13fa37798acc3fa5580f9f10
SHA256: 083102b709ab209d1a30841309dd954e74b81ebf6616fc23be8bcd54e2c19488
SHA512: 839be65a76a8b82ad1f1ce191378ce992579df0a6191a81165ccb22e026bbde25c0a8803b82d48265ac73f6ab3d2ccd5135930e49b26352a9866711933881e24
SSDEEP: 196608:FZFVPK4ZZkq1jzIYFhxSe/NDNqCsbTyivoiu/HP33YmOZdgkSI:FpiyZkozHFtuCaXvoiu/HPTmgkS
Malware Config
Signatures
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
resource yara_rule sample agile_net
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Fatal.exe
Files
Fatal.exe.exe windows:4 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
.text Size: - Virtual size: 4.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.niga0 Size: - Virtual size: 158KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.niga1 Size: 8.7MB - Virtual size: 8.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ