C:\Users\doa\Desktop\i hate niggers so much\obj\Debug\net48\Anarchy.pdb
Static task
static1
Behavioral task
behavioral1
Sample
Anarchy.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Anarchy.exe
Resource
win10v2004-20240802-en
General
-
Target
Anarchy.exe
-
Size
16.1MB
-
MD5
56373fb76365e161485614ff91d4030b
-
SHA1
e2429e6e2953a948e8756a5ff7e87a68bdceabd2
-
SHA256
e208fae2282697cdce4471ce296d4750743acb5b8e7ff09217667a69041243a7
-
SHA512
27c8138c50b473121694b9ce4412d9757b7d74299df25aa5a6693578f05039c6d2f30367100732f16bbff42c78a8d27176d39a0c71d090ec5f18a70d31f1f40c
-
SSDEEP
196608:i5CpPOu/P8G2eee0yMRs4vkmXaU7aIObk9fcdHJDLscmZk36zOAE2A1cZF7sL9YR:s+r0TaZ1LmZ+F1cby9YN/X
Malware Config
Signatures
-
Contains code to disable Windows Defender 1 IoCs
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
resource yara_rule sample disable_win_def -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Anarchy.exe
Files
-
Anarchy.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 16.1MB - Virtual size: 16.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 33KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ