webmonitor | 35d933b942fee8d41d0021dbb6810c13f38ca4956b8a635046978c4d3b545b06 | Triage

Sharing

General

Target

35d933b942fee8d41d0021dbb6810c13f38ca4956b8a635046978c4d3b545b06
Size

772KB
MD5

e2ff44846d7cd5849fbca477d3be4259
SHA1

98c5df737681738d41c5437436005cdee4341ddf
SHA256

35d933b942fee8d41d0021dbb6810c13f38ca4956b8a635046978c4d3b545b06
SHA512

f575b9003d76ae27fdedd232941bae21e436ceb1ccfd0aff3c69eed6277c9386125c461aeb2b27a561ff9b8aedfd89ebce415befe933e625c50e9a5925cda933

Score

10^/10

upx webmonitor

Malware Config

Extracted

Family

webmonitor

C2

snpandey4659.wm01.to:443

Attributes

config_key
sFitr5r1ExCJl86X6inyc4qxlzwyw8fK
private_key
t1wG88poq
url_path
/recv4.php

Signatures

WebMonitor Payload 1 IoCs

Processes:

resource yara_rule

sample family_webmonitor
Webmonitor family
webmonitor
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
upx

Processes:

resource yara_rule

sample upx

Files

35d933b942fee8d41d0021dbb6810c13f38ca4956b8a635046978c4d3b545b06
.exe windows x86

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: 468KB - Virtual size: 468KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX1
Size: 292KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.l2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ