Phemedrone-Stealer[.]exe | Triage

Sharing

General

Target

Phemedrone-Stealer.exe
Size

81KB
MD5

3e2f888ce2078969c81b1e49026115f1
SHA1

4c877004934f4912502ff9862a962d6ec92ab011
SHA256

eb1c2284db5dd717f9ab690f2080ce880f83506f792b79c22ae452d6edc4587f
SHA512

da1f57f2c167affe0ae023bf3a875ed64501e26dc75270c2a7821713c3dc2ff677f581b035e5b9c2a63011ed90c4757be3621bf75de787ec0a021f806f972b90
SSDEEP

1536:w8KpkpcGtNWaaCQZB1rniGbJeadDTJHjwtNGMlCn5p2gnhQqJSwEKb/:w8KWGGtqCeiGbJeadDTZjwtNVlq54gnd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Phemedrone-Stealer.exe

Files

Phemedrone-Stealer.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ