Behavioral task: behavioral1
Sample: RoninTweaksCLI.exe
Resource: win7-20241010-en
General
Target: RoninTweaksCLI.exe
Size: 20.1MB
MD5: 230f9e03576ff4e7a7e66e2114fe6b8e
SHA1: 89971565edd8fef92cfb8f0c143905136b64be32
SHA256: 1f4c708d803e7607540b967db81e8ffb6c3390b06935793c0f11f41e1bcfea40
SHA512: fccc96b48b46c6392da69bf8a7175bc40a16ec6e96a798edab49b4fd28c35f4810cde34e1636e7bfd18ddc86d6c670bd751a4a147c3b3e572825f2fa8f90d8b8
SSDEEP: 393216:iTN7dtptnIVZd7p9mdLt/WVi0teZKwnOEGL26VjSQS6yT:cJtDGL7p8dai06KRq6RSH6yT
Malware Config
Signatures
Obfuscated with Agile.Net obfuscator (1 IoCs)
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
resource: sample, yara_rule: agile_net
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: RoninTweaksCLI.exe
Files
RoninTweaksCLI.exe.exe windows:4 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
Size: 3.4MB - Virtual size: 3.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 16.1MB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 704KB - Virtual size: 704KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE