purplefox | 9e5abbc5d80a4e68de72aa11283175868f8670bfcb8d2c0479080713b7115648

Sharing

Copy URL

Twitter E-mail

General

Target

9e5abbc5d80a4e68de72aa11283175868f8670bfcb8d2c0479080713b7115648
Size

298KB
MD5

c073636755b0fbd74436a45ddb89b6b0
SHA1

cc8a80d188ffe0f187d00216fccc0eaf3eb89a91
SHA256

9e5abbc5d80a4e68de72aa11283175868f8670bfcb8d2c0479080713b7115648
SHA512

85312f967a04967fc254c1c0b1d680d0d8b119ee67d05c8c5a2130a3902d3674c692677857d844b07c12c96afeaf9b1ffa2bb53a09a431ee7076ac4a28b6c051
SSDEEP

3072:Qi1r7IaWWR3F/ZXu5Di3gzkrfLlkHd37XzK537XzKnL3Z0CBMiCBW8TPbbIbiVaT:jtlDuDzGZ0FXz4XzOL3e+Mi+rEGQI

Score

10^/10

dropper purplefox

Malware Config

Extracted

Family

purplefox

http://193.164.223.77:7456/77

Signatures

Purplefox family
purplefox

Files

9e5abbc5d80a4e68de72aa11283175868f8670bfcb8d2c0479080713b7115648
.exe windows x64

e974122a697cbc65b76863a14dbe1f12

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetFileAttributesA
GetCurrentProcessId
GetModuleFileNameA
Sleep
CopyFileA
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
CreateMutexA
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetSystemTimeAsFileTime
DeleteFileA
GetProcAddress
GetModuleHandleA
ExitProcess
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
FlsGetValue
FlsSetValue
TlsFree
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
WriteFile
GetStdHandle
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
HeapSize
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
CreateDirectoryA

user32

GetWindowThreadProcessId
ShowWindow
EnumWindows
GetParent

shell32

ShellExecuteA

urlmon

URLDownloadToFileA

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 208KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

e974122a697cbc65b76863a14dbe1f12

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

urlmon

Sections

.text Size: 59KB - Virtual size: 59KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 6KB - Virtual size: 13KB

.pdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 208KB - Virtual size: 212KB

.text
Size: 59KB - Virtual size: 59KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 6KB - Virtual size: 13KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 208KB - Virtual size: 212KB