purplefox | 608b3486309d15bed054e22e20d87c44e43a6cde3dad6942ef592c9d3c4f3cff

Sharing

Copy URL

Twitter E-mail

General

Target

608b3486309d15bed054e22e20d87c44e43a6cde3dad6942ef592c9d3c4f3cff
Size

186KB
MD5

2ed8df319374ded66ac933e7b44eb270
SHA1

5f237f5ee1cf93f9860aa3264337727fea796e1d
SHA256

608b3486309d15bed054e22e20d87c44e43a6cde3dad6942ef592c9d3c4f3cff
SHA512

0c1a5e1f7ab3e82d0c304809b488ba48c7d48c175a53480f26c616c69649caa67f937c6a475b3ed117514255d150cbb1f38cd5de1576fd216ebc4d38c7779c80
SSDEEP

3072:RGMBwl73iVnU4p9OvHwOfBLkPtw0YX02Cv53+:UFl2+viqY

Score

10^/10

dropper purplefox

Malware Config

Extracted

Family

purplefox

http://194.146.84.244:4397/77

Signatures

Purplefox family
purplefox

Files

608b3486309d15bed054e22e20d87c44e43a6cde3dad6942ef592c9d3c4f3cff
.exe windows x64

ba6ff8158e304253eb3bc963e6779e5e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LoadLibraryA
GetProcAddress
GetModuleFileNameA
Sleep
CopyFileA
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
CreateMutexA
GetLastError
CreateFileA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
SetFilePointer
GetLocaleInfoA
GetStringTypeW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetFileAttributesA
DeleteFileA
GetModuleHandleW
ExitProcess
GetCommandLineA
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlCaptureContext
GetModuleFileNameW
HeapSize
HeapValidate
IsBadReadPtr
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
RtlVirtualUnwind
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
GetCurrentThreadId
FlsAlloc
FlsFree
SetLastError
WriteFile
GetStdHandle
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapSetInformation
HeapCreate
FlushFileBuffers
GetConsoleCP
GetConsoleMode
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
LoadLibraryW
HeapAlloc
HeapReAlloc
HeapQueryInformation
HeapFree
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
CreateDirectoryA

Sections

.text
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

ba6ff8158e304253eb3bc963e6779e5e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 133KB - Virtual size: 132KB

.rdata Size: 38KB - Virtual size: 38KB

.data Size: 6KB - Virtual size: 14KB

.pdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 4KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 133KB - Virtual size: 132KB

.rdata
Size: 38KB - Virtual size: 38KB

.data
Size: 6KB - Virtual size: 14KB

.pdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 4KB

.reloc
Size: 1KB - Virtual size: 1KB