net48[.]rar | Triage

Sharing

General

Target

net48.rar
Size

12.6MB
MD5

8c20e8e11eab0d3f6bd0f8cc2854c2b9
SHA1

38a1f53516f32a7bcc1950dbc59d41004ee5eb03
SHA256

bcf28feaff844318ea8b2468db2771f8d580887644fcc3aeb61c0bbff8dec30e
SHA512

ad8552834c5fe5e5b078bd173df4b65b54de18bafdc6ca096ffdeb19c689ab0bd555f188e765be80436ee7d4e033e135f9232acdbfefe4bd5d1b300a9f0dd58d
SSDEEP

393216:y63YOcFsUUAz6ceQmpSkU/Oxf7PxN1Tpn0GK1Hlh:y6oOcFsXceQ2I/OZJN1Tx23

Score

10^/10

Malware Config

Signatures

Contains code to disable Windows Defender 1 IoCs

A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

resource	yara_rule
static1/unpack001/Anarchy.exe	disable_win_def

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Anarchy.exe

Files

net48.rar
.rar
Anarchy.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\HexCode\Desktop\Anarchy Panel\obj\Debug\net48\Anarchy.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 16.1MB - Virtual size: 16.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Anarchy.exe.config
.xml
Anarchy.pdb
BackupCertificate.zip
.zip
Usrs.p12
Usrs.p12