purplefox | TextInputh[.]exe

Resubmissions

28-01-2022 12:40

220128-pwfrhscegk 1

14-01-2022 10:52

220114-mye7nagacj 1

Sharing

Copy URL

Twitter E-mail

General

Target

TextInputh.exe
Size

170KB
MD5

c398b504f74500d6a1a47f72bb45bc83
SHA1

05a33dbc4b239580748570b6d87a680c61102a11
SHA256

bae1270981c0a2d595677a7a1fefe8087b07ffea061571d97b5cd4c0e3edb6e0
SHA512

16423b9ada75061bac4b86d41157ca56aeadabe825e17a4c1499ac2228f12115eef91e1ea9fd96884e079649402743efb00403b801131aa9cf1bf3ec582ac10c
SSDEEP

3072:ewqAWzUGgRMFTiLuFi3QjwXLNKW2Mi37XzKPCBnVBYb6N:DZqou+JK7M2XzW+4

Score

10^/10

dropper purplefox

Malware Config

Extracted

Family

purplefox

http://193.164.223.77:7456/77

Signatures

Purplefox family
purplefox

Files

TextInputh.exe
.exe windows x64

8c7a2087e32d0d923df57c2cdd7e54d7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetFileAttributesA
GetCurrentProcessId
GetModuleFileNameA
Sleep
CopyFileA
FlushFileBuffers
CloseHandle
CreateFileA
WriteConsoleW
GetConsoleOutputCP
GetSystemTimeAsFileTime
GetLastError
DeleteFileA
GetProcAddress
GetModuleHandleA
ExitProcess
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
FlsGetValue
FlsSetValue
TlsFree
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
WriteFile
GetStdHandle
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
HeapSize
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
CreateDirectoryA

user32

GetWindowThreadProcessId
ShowWindow
EnumWindows
GetParent

shell32

ShellExecuteA

urlmon

URLDownloadToFileA

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 81KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

8c7a2087e32d0d923df57c2cdd7e54d7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

urlmon

Sections

.text Size: 59KB - Virtual size: 58KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 6KB - Virtual size: 13KB

.pdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 81KB - Virtual size: 84KB

.text
Size: 59KB - Virtual size: 58KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 6KB - Virtual size: 13KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 81KB - Virtual size: 84KB