General
Target: RoninTweaksCLI.zip
Size: 17.5MB
MD5: 2c0eff3eb2d4bb512c637f9305e061ca
SHA1: c356f9227abdf9285aa09392eb51235b6d639380
SHA256: d11d8b30372496a9cbc9b279e5195e5c1b04bf01b8da38473374b3f5c197931e
SHA512: 0adb315042712817b1a9fde70b0c7e0a54f6c427dd7e78758c25795607ce377900d98edffed6d3ebd1f3416159153692594ea16d9272147ac865349790bbbade
SSDEEP: 393216:0g8QkTMT7WUXowxx3iGcDVGZ1lUoWd+8QhhOSjHoMmDrz:dkTsxlK4XWdIho6oMwf
Malware Config
Signatures
- Obfuscated with Agile.Net obfuscator (1 IoC)
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  resource yara_rule static1/unpack001/RoninTweaksCLI/RoninTweaksCLI.exe agile_net
- Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource unpack001/RoninTweaksCLI/RoninTweaksCLI.exe
Files
- RoninTweaksCLI.zip (.zip)
- RoninTweaksCLI/RoninTweaksCLI.exe (.exe; windows:4 windows x64 arch:x64)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
Size: 3.4MB - Virtual size: 3.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 16.1MB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 704KB - Virtual size: 704KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
- RoninTweaksCLI/RoninTweaksCLI.exe.config