b841ad0f78c68d3949355cb3870c2df86499129d73245eccfd39975cc19c9d01

Sharing

Copy URL

Twitter E-mail

General

Target

b841ad0f78c68d3949355cb3870c2df86499129d73245eccfd39975cc19c9d01
Size

10.3MB
MD5

be9dea2a24540a341526340a7bde194a
SHA1

122a513ec66a4d3fe66b67bca5411e86632da56a
SHA256

b841ad0f78c68d3949355cb3870c2df86499129d73245eccfd39975cc19c9d01
SHA512

05c4591f76e34d254bb1516b647cfe1ece16b1c64b2ca06cd044a5d0b9b99b60295cbad62f2a03e8743739afce10717916407a09ad7d39b5ea8d0994ba187114
SSDEEP

98304:5UHDw3hcqTr49wd20JBAUZLpp5L69txjd7ZUv49OtInxl1UJhvmMKt6Vv8PXproB:Mw3aeJVdpl+Zd7ZbOOm7mrtXPXprueJU

Score

7^/10

agilenet

Malware Config

Signatures

Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
agilenet

Processes:

resource yara_rule

sample agile_net
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

b841ad0f78c68d3949355cb3870c2df86499129d73245eccfd39975cc19c9d01

resource	yara_rule
sample	agile_net

resource
b841ad0f78c68d3949355cb3870c2df86499129d73245eccfd39975cc19c9d01

Files

b841ad0f78c68d3949355cb3870c2df86499129d73245eccfd39975cc19c9d01
.exe windows:4 windows x86 arch:x86

efce80b8772a156fe0cbc08ed8fd7a0a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
SetWindowLongA
EndDialog
PostQuitMessage
PostMessageA
SendMessageA
SetCursor
EnableWindow
GetWindowLongA
IsWindowEnabled
GetLastActivePopup
GetParent
SetWindowsHookExA
GetForegroundWindow
IsWindowVisible
ValidateRect
CallNextHookEx
GetKeyState
GetActiveWindow
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
DestroyMenu
GetMenuState
LoadBitmapA
GetDlgItem
RegisterClipboardFormatA
MessageBoxA
UnregisterClassA
GetClassNameA
PtInRect
GetWindowRect
GetDlgCtrlID
GetWindow
ClientToScreen
SetWindowTextA
GetWindowTextA
GetMenuItemCount
TabbedTextOutA
DrawTextA
GrayStringA
SendDlgItemMessageA
IsDialogMessageA
CreateDialogIndirectParamA
SetWindowPos
ShowWindow
SetFocus
GetSystemMetrics
GetWindowPlacement
IsIconic
SystemParametersInfoA
SetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
FindWindowA
GetSysColor
UnhookWindowsHookEx
SetActiveWindow
RegisterWindowMessageA
GetAncestor
IsWindow
ReleaseDC
CreateWindowExA
DestroyWindow
GetMenuItemID
EnumWindows
SetCursorPos
GetDC
UpdateWindow
GetMenuCheckMarkDimensions
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
PostThreadMessageA
GetCursorPos
ModifyMenuA
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
SetWindowPos
SendMessageA
DestroyCursor
SetParent
IsWindow
PostMessageA
GetTopWindow
GetParent
GetFocus
GetClientRect
InvalidateRect
ValidateRect
UpdateWindow
EqualRect
GetWindowRect
SetForegroundWindow
DestroyMenu
IsChild
ReleaseDC
IsRectEmpty
FillRect
GetDC
SetCursor
LoadCursorA
SetCursorPos
SetActiveWindow
GetSysColor
SetWindowLongA
GetWindowLongA
RedrawWindow
EnableWindow
IsWindowVisible
OffsetRect
PtInRect
DestroyIcon
IntersectRect
InflateRect
SetRect
SetScrollPos
SetScrollRange
GetScrollRange
SetCapture
GetCapture
ReleaseCapture
SetTimer
KillTimer
WinHelpA
LoadBitmapA
CopyRect
ChildWindowFromPointEx
ScreenToClient
GetMessagePos
SetWindowRgn
DestroyAcceleratorTable
GetWindow
GetActiveWindow
SetFocus
IsIconic
PeekMessageA
SetMenu
DeleteMenu
GetSystemMenu
DefWindowProcA
GetClassInfoA
IsZoomed
PostQuitMessage
CopyAcceleratorTableA
GetKeyState
TranslateAcceleratorA
IsWindowEnabled
ShowWindow
SystemParametersInfoA
LoadImageA
EnumDisplaySettingsA
ClientToScreen
EnableMenuItem
UnregisterClassA
GetDlgCtrlID
CreateAcceleratorTableA
CreateMenu
ModifyMenuA
AppendMenuA
CreatePopupMenu
DrawIconEx
CreateIconFromResource
CreateIconFromResourceEx
RegisterClipboardFormatA
SetRectEmpty
DispatchMessageA
GetMessageA
WindowFromPoint
DrawFocusRect
DrawEdge
DrawFrameControl
TranslateMessage
LoadIconA
GetForegroundWindow
CallWindowProcA
CreateWindowExA
RegisterHotKey
UnregisterHotKey
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetLastActivePopup
GetMessageTime
RemovePropA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
GetClassNameA
GetDesktopWindow
LoadStringA
GetSysColorBrush
MessageBoxA
GetCursorPos
GetSystemMetrics
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
wsprintfA
WaitForInputIdle
EndPaint
BeginPaint
GetWindowDC
CharUpperA
GetWindowTextLengthA
GetWindowTextA
GetMenu
GetSubMenu

kernel32

GetDiskFreeSpaceExA
GetCurrentDirectoryA
GetLocalTime
GetUserDefaultLCID
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
DeleteFileA
SetFilePointer
WritePrivateProfileStringA
LoadLibraryA
GlobalFindAtomA
GetLastError
InterlockedIncrement
LoadResource
LockResource
GlobalGetAtomNameA
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
lstrlenA
LocalAlloc
LocalFree
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalHandle
TlsFree
LeaveCriticalSection
GlobalReAlloc
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
InterlockedDecrement
SetErrorMode
lstrcatA
lstrcpyA
lstrcpynA
GetVersion
GlobalFlags
SetLastError
GetProcessVersion
GetCurrentProcess
FlushFileBuffers
GetCPInfo
GetOEMCP
GetCommandLineA
RtlUnwind
FindResourceA
TerminateProcess
RaiseException
HeapSize
GetACP
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
MulDiv
GetProcAddress
LoadLibraryExA
FreeLibrary
GetModuleHandleA
lstrcpyn
DeviceIoControl
GetWindowsDirectoryA
ResumeThread
LocalSize
WriteProcessMemory
ReadProcessMemory
IsWow64Process
CloseHandle
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
VirtualQueryEx
CreateFileA
RtlMoveMemory
RtlFillMemory
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetTickCount
GetModuleFileNameA
WriteFile
GlobalAddAtomA
Sleep
ReadFile
GetFileSize
LCMapStringA
LCMapStringA
SetEnvironmentVariableA
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
HeapSize
TerminateProcess
RaiseException
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
GetFileSize
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcmpA
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpiA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
DuplicateHandle
lstrcpynA
SetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime
InterlockedIncrement
LCMapStringW
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
CompareStringA
CompareStringW
IsBadCodePtr
SetStdHandle
GetCurrentProcess
LocalFree
InterlockedDecrement
CreateMutexA
ReleaseMutex
TerminateThread
SuspendThread
GetWindowsDirectoryA
GetSystemDirectoryA
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
ReadFile
lstrlenW
GetModuleFileNameA
WideCharToMultiByte
MultiByteToWideChar
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
IsBadReadPtr
CloseHandle
WaitForSingleObject
CreateProcessA
GetTickCount
GetCommandLineA
MulDiv
GetProcAddress
GetModuleHandleA
GetVolumeInformationA
SetCurrentDirectoryA
DeleteFileA
MoveFileA
GetFileAttributesA
SetFileAttributesA
FindClose
FindFirstFileA
GetTempPathA
GlobalUnlock
GlobalLock
GlobalAlloc
ExpandEnvironmentStringsA
Sleep
CreateEventA
CreateThread
WritePrivateProfileStringA
GetVersionExA
GetLastError
LoadLibraryA
FreeLibrary
GetFullPathNameA
GetUserDefaultLCID
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
GlobalReAlloc
FindNextFileA
lstrcpyA
WinExec
lstrlenA
lstrcatA
InitializeCriticalSection
DeleteCriticalSection

gdi32

SaveDC
RestoreDC
GetStockObject
SetBkColor
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
GetObjectA
DeleteDC
Escape
CreateFontIndirectA
Rectangle
GetDeviceCaps
SetMapMode
CreateBitmap
RectVisible
PtVisible
ExtTextOutA
DeleteObject
TextOutA
SetTextColor
SetBkMode
SelectObject
ExtSelectClipRgn
LineTo
MoveToEx
ExcludeClipRect
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
SelectClipRgn
DeleteObject
CreateDIBitmap
GetSystemPaletteEntries
CreatePalette
StretchBlt
SelectPalette
RealizePalette
GetDIBits
GetWindowExtEx
GetViewportOrgEx
GetWindowOrgEx
EndPath
PathToRegion
CreateEllipticRgn
CreateRoundRectRgn
GetTextColor
GetBkMode
GetBkColor
GetROP2
GetStretchBltMode
GetPolyFillMode
CreateCompatibleBitmap
CreateDCA
CreateBitmap
SelectObject
CreatePen
PatBlt
CombineRgn
CreateRectRgn
FillRgn
CreateSolidBrush
CreateFontIndirectA
GetStockObject
GetObjectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
CreateCompatibleDC
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
GetDeviceCaps
GetViewportExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextMetricsA
CreateFontA
TranslateCharsetInfo
SetBkColor
CreateRectRgnIndirect
CreatePolygonRgn
GetClipRgn
SetStretchBltMode
BeginPath

ws2_32

setsockopt
send
ntohs
inet_addr
recv
select
inet_ntoa
WSACleanup
closesocket
recvfrom
ioctlsocket
recv
getpeername
accept
ntohl
WSAAsyncSelect

atl

ord42

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyA
RegCloseKey
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyA
RegQueryValueA
RegCreateKeyExA

ole32

OleInitialize
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleRun
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoRegisterMessageFilter
OleUninitialize
CoFreeUnusedLibraries
OleRun
CoCreateInstance
CLSIDFromString
OleUninitialize
OleInitialize
RegisterDragDrop
RevokeDragDrop
ReleaseStgMedium
CLSIDFromProgID

oleaut32

VariantChangeType
SafeArrayGetDim
SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
VarR8FromBool
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
VariantInit
VarR8FromCy
VariantClear
VariantChangeType
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElement
VariantCopyInd
VariantInit
SysAllocString
SafeArrayDestroy
SafeArrayCreate
SafeArrayPutElement
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
UnRegisterTypeLi
SysFreeString
GetErrorInfo

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA
OpenPrinterA
DocumentPropertiesA
ClosePrinter

comctl32

ord17
ord17
ImageList_EndDrag
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_Destroy
ImageList_Create
ImageList_BeginDrag
ImageList_Add

oledlg

ord8

winmm

midiOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutClose
waveOutReset
waveOutPause
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader
waveOutRestart
midiStreamRestart
midiStreamClose
midiOutReset
midiStreamStop
midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen

shell32

DragFinish
DragAcceptFiles
DragQueryFileA
SHGetSpecialFolderPathA
Shell_NotifyIconA
ShellExecuteA

wldap32

ord29

comdlg32

ChooseFontA
ChooseColorA
GetOpenFileNameA
GetFileTitleA
GetSaveFileNameA

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8.8MB - Virtual size: 8.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 324KB - Virtual size: 554KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

efce80b8772a156fe0cbc08ed8fd7a0a

Headers

File Characteristics

Imports

user32

kernel32

gdi32

ws2_32

atl

advapi32

ole32

oleaut32

winspool.drv

comctl32

oledlg

winmm

shell32

wldap32

comdlg32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 8.8MB - Virtual size: 8.8MB

.data Size: 324KB - Virtual size: 554KB

.rsrc Size: 48KB - Virtual size: 44KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 8.8MB - Virtual size: 8.8MB

.data
Size: 324KB - Virtual size: 554KB

.rsrc
Size: 48KB - Virtual size: 44KB