stormkitty | Builder[.]exe | Triage

Sharing

General

Target

Builder.exe
Size

40KB
MD5

766b531d3ea87df07f4a30478e0b6fea
SHA1

3a723efa352eff3421bb1a6fbee9aac3c68a56bd
SHA256

d3cf46a48919b2e21163ec3a38b3212eb2a130c0c58e9797590d0ef1767583d8
SHA512

a8ba8f652cf030daad7ef4971b41253cfe57717b70c4aeed0ce1689a73d6d92562185e9b9aa672f6da1ce4ab476b152d08026060ed41d1b97f19044c135b4742
SSDEEP

384:gWSeROQvTrHR5szYa/Yw2MX1nHmFrooooooooooboooooooooLzyCWS/h4:xzjTDHsz/YSNyeyD04

Score

10^/10

stormkitty

Malware Config

Signatures

StormKitty payload 1 IoCs

resource	yara_rule
sample	family_stormkitty

Stormkitty family
stormkitty

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Builder.exe

Files

Builder.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ