996f3a9bdd016b9fb9926bcb01a4b3e91f181fb5dba177ddc92e02f31d3dfb8d

General

Target

996f3a9bdd016b9fb9926bcb01a4b3e91f181fb5dba177ddc92e02f31d3dfb8d
Size

668KB
MD5

38576f4e6bb6babc2f6c2b70df7a1cdb
SHA1

0c7433340cf4f7967ebf3abbb97b88f22811e199
SHA256

996f3a9bdd016b9fb9926bcb01a4b3e91f181fb5dba177ddc92e02f31d3dfb8d
SHA512

d031e2d415e4c211c1f176b8afe756cd8317bc68f44e16fc3346b27a15bb535c4a20d3ab223f7788b0126ecc0cdd705c9db1de0b1778148adfdaf67a9b393e37
SSDEEP

12288:ME8rjoDsSbgw5B7ijMwE3872MFnEMUAPUVqzPTcSgrbq0EuawvU21X5rYkO:MVogSbjB7ij7EIFnmA8qEStBY9mkO

Score

10^/10

Malware Config

Signatures

Nirsoft 2 IoCs

Processes:

resource	yara_rule
static1/unpack001/iROBUX.exe	Nirsoft
static1/unpack001/readme.__________txt.exe	Nirsoft

NirSoft MailPassView 2 IoCs

Password recovery tool for various email clients

Processes:

resource	yara_rule
static1/unpack001/iROBUX.exe	MailPassView
static1/unpack001/readme.__________txt.exe	MailPassView

NirSoft WebBrowserPassView 2 IoCs

Password recovery tool for various web browsers

Processes:

resource	yara_rule
static1/unpack001/iROBUX.exe	WebBrowserPassView
static1/unpack001/readme.__________txt.exe	WebBrowserPassView

Files

996f3a9bdd016b9fb9926bcb01a4b3e91f181fb5dba177ddc92e02f31d3dfb8d
.zip
iROBUX.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 679KB - Virtual size: 678KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
readme.__________txt.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 527KB - Virtual size: 526KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 679KB - Virtual size: 678KB

.rsrc Size: 12KB - Virtual size: 12KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 527KB - Virtual size: 526KB

.rsrc Size: 16KB - Virtual size: 15KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 679KB - Virtual size: 678KB

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 527KB - Virtual size: 526KB

.rsrc
Size: 16KB - Virtual size: 15KB

.reloc
Size: 512B - Virtual size: 12B