a6d12a095607983d5a9a046b492135e58ac71db87bf87ec7f8cc7216d74f5a14

Sharing

Copy URL Twitter E-mail

General

Target

a6d12a095607983d5a9a046b492135e58ac71db87bf87ec7f8cc7216d74f5a14
Size

3.5MB
MD5

bc4aa780c6f790c702c581e70a07e334
SHA1

a9566ed31e5ba3a075bc6da4aa2482e5234c9791
SHA256

a6d12a095607983d5a9a046b492135e58ac71db87bf87ec7f8cc7216d74f5a14
SHA512

a3238069aee6dcf7926251a1a34933a886b2cc2ca707908394e412cd65974fddb5d78e2437202c7653d6883ce1ce2d1962c92a386ad60899addb4f8445ecb23f
SSDEEP

98304:R1R3df1y/i3IpKFajyNCJoSVA1h3dBKv5Nf2KNA:R/dth3ICndz1LBKxNfxy

Score

7^/10

agilenet

Malware Config

Signatures

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

resource	yara_rule
static1/unpack001/PicGrayRemover.exe	agile_net

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PicGrayRemover.exe
unpack001/libwebp_x64.dll
unpack001/libwebp_x86.dll

Files

a6d12a095607983d5a9a046b492135e58ac71db87bf87ec7f8cc7216d74f5a14
.zip
PicGrayRemover.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\2-TestCode\PicGrayRemover\Agile\PicGrayRemover.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 380KB - Virtual size: 379KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PicGrayRemover.ini
demo/webp.webp
demo/ëë.jpg
.jpg
demo/.jfif
.jpg
demo/.jpg
.jpg
demo/.jpg
.jpg
demo/Ҷ.jpg
.jpg
demo/.jpg
.jpg
demo/Ծ.jpg
.jpg
libwebp_x64.dll
.dll windows:6 windows x64 arch:x64

fffeb7079e686322e44a990033640940

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableCS
WaitForSingleObjectEx
SetThreadPriority
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
CreateFileW
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
HeapAlloc
HeapFree
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW

Exports

Exports

VP8CheckSignature
VP8GetCPUInfo
VP8GetInfo
VP8LCheckSignature
VP8LGetInfo
WebPBlendAlpha
WebPCleanupTransparentArea
WebPConfigInitInternal
WebPConfigLosslessPreset
WebPCopyPixels
WebPCopyPlane
WebPDecode
WebPDecodeARGB
WebPDecodeARGBInto
WebPDecodeBGR
WebPDecodeBGRA
WebPDecodeBGRAInto
WebPDecodeBGRInto
WebPDecodeRGB
WebPDecodeRGBA
WebPDecodeRGBAInto
WebPDecodeRGBInto
WebPDecodeYUV
WebPDecodeYUVInto
WebPEncode
WebPEncodeBGR
WebPEncodeBGRA
WebPEncodeLosslessBGR
WebPEncodeLosslessBGRA
WebPEncodeLosslessRGB
WebPEncodeLosslessRGBA
WebPEncodeRGB
WebPEncodeRGBA
WebPFree
WebPFreeDecBuffer
WebPGetColorPalette
WebPGetDecoderVersion
WebPGetEncoderVersion
WebPGetFeaturesInternal
WebPGetInfo
WebPGetWorkerInterface
WebPIAppend
WebPIDecGetRGB
WebPIDecGetYUVA
WebPIDecode
WebPIDecodedArea
WebPIDelete
WebPINewDecoder
WebPINewRGB
WebPINewYUV
WebPINewYUVA
WebPIUpdate
WebPInitDecBufferInternal
WebPInitDecoderConfigInternal
WebPMalloc
WebPMemoryWrite
WebPMemoryWriterClear
WebPMemoryWriterInit
WebPPictureARGBToYUVA
WebPPictureARGBToYUVADithered
WebPPictureAlloc
WebPPictureCopy
WebPPictureCrop
WebPPictureDistortion
WebPPictureFree
WebPPictureHasTransparency
WebPPictureImportBGR
WebPPictureImportBGRA
WebPPictureImportBGRX
WebPPictureImportRGB
WebPPictureImportRGBA
WebPPictureImportRGBX
WebPPictureInitInternal
WebPPictureIsView
WebPPictureRescale
WebPPictureSharpARGBToYUVA
WebPPictureSmartARGBToYUVA
WebPPictureView
WebPPictureYUVAToARGB
WebPPlaneDistortion
WebPSafeCalloc
WebPSafeFree
WebPSafeMalloc
WebPSetWorkerInterface
WebPValidateConfig

Sections

.text
Size: 458KB - Virtual size: 458KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libwebp_x86.dll
.dll windows:6 windows x86 arch:x86

a5b9e4604626e344adb7e1cf8edd6b35

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableCS
WaitForSingleObjectEx
SetThreadPriority
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
CreateFileW
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
HeapAlloc
HeapFree
LCMapStringW
DecodePointer
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW

Exports

Exports

VP8CheckSignature
VP8GetCPUInfo
VP8GetInfo
VP8LCheckSignature
VP8LGetInfo
WebPBlendAlpha
WebPCleanupTransparentArea
WebPConfigInitInternal
WebPConfigLosslessPreset
WebPCopyPixels
WebPCopyPlane
WebPDecode
WebPDecodeARGB
WebPDecodeARGBInto
WebPDecodeBGR
WebPDecodeBGRA
WebPDecodeBGRAInto
WebPDecodeBGRInto
WebPDecodeRGB
WebPDecodeRGBA
WebPDecodeRGBAInto
WebPDecodeRGBInto
WebPDecodeYUV
WebPDecodeYUVInto
WebPEncode
WebPEncodeBGR
WebPEncodeBGRA
WebPEncodeLosslessBGR
WebPEncodeLosslessBGRA
WebPEncodeLosslessRGB
WebPEncodeLosslessRGBA
WebPEncodeRGB
WebPEncodeRGBA
WebPFree
WebPFreeDecBuffer
WebPGetColorPalette
WebPGetDecoderVersion
WebPGetEncoderVersion
WebPGetFeaturesInternal
WebPGetInfo
WebPGetWorkerInterface
WebPIAppend
WebPIDecGetRGB
WebPIDecGetYUVA
WebPIDecode
WebPIDecodedArea
WebPIDelete
WebPINewDecoder
WebPINewRGB
WebPINewYUV
WebPINewYUVA
WebPIUpdate
WebPInitDecBufferInternal
WebPInitDecoderConfigInternal
WebPMalloc
WebPMemoryWrite
WebPMemoryWriterClear
WebPMemoryWriterInit
WebPPictureARGBToYUVA
WebPPictureARGBToYUVADithered
WebPPictureAlloc
WebPPictureCopy
WebPPictureCrop
WebPPictureDistortion
WebPPictureFree
WebPPictureHasTransparency
WebPPictureImportBGR
WebPPictureImportBGRA
WebPPictureImportBGRX
WebPPictureImportRGB
WebPPictureImportRGBA
WebPPictureImportRGBX
WebPPictureInitInternal
WebPPictureIsView
WebPPictureRescale
WebPPictureSharpARGBToYUVA
WebPPictureSmartARGBToYUVA
WebPPictureView
WebPPictureYUVAToARGB
WebPPlaneDistortion
WebPSafeCalloc
WebPSafeFree
WebPSafeMalloc
WebPSetWorkerInterface
WebPValidateConfig

Sections

.text
Size: 392KB - Virtual size: 391KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ذ˵.htm
.html

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 380KB - Virtual size: 379KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

fffeb7079e686322e44a990033640940

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 458KB - Virtual size: 458KB

.rdata Size: 131KB - Virtual size: 131KB

.data Size: 2KB - Virtual size: 14KB

.pdata Size: 21KB - Virtual size: 21KB

_RDATA Size: 512B - Virtual size: 32B

.rsrc Size: 1024B - Virtual size: 800B

.reloc Size: 2KB - Virtual size: 1KB

a5b9e4604626e344adb7e1cf8edd6b35

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 392KB - Virtual size: 391KB

.rdata Size: 99KB - Virtual size: 99KB

.data Size: 2KB - Virtual size: 11KB

_RDATA Size: 512B - Virtual size: 32B

.rsrc Size: 1024B - Virtual size: 800B

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 380KB - Virtual size: 379KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 458KB - Virtual size: 458KB

.rdata
Size: 131KB - Virtual size: 131KB

.data
Size: 2KB - Virtual size: 14KB

.pdata
Size: 21KB - Virtual size: 21KB

_RDATA
Size: 512B - Virtual size: 32B

.rsrc
Size: 1024B - Virtual size: 800B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 392KB - Virtual size: 391KB

.rdata
Size: 99KB - Virtual size: 99KB

.data
Size: 2KB - Virtual size: 11KB

_RDATA
Size: 512B - Virtual size: 32B

.rsrc
Size: 1024B - Virtual size: 800B

.reloc
Size: 12KB - Virtual size: 11KB