General
-
Target
SQLi Dumper_Cracked_By_Angeal.exe
-
Size
3.1MB
-
MD5
23b13de0838299ce5e8f59ba2e3ebdf7
-
SHA1
318efae69ba2a0951e7b780b1589f19f1c19651a
-
SHA256
28bca9b48835bca72a112dabe20dbaa62ea173d54d75a00e4a13697a456e3700
-
SHA512
aa867bda90fdef17af1cb4194b651351e865611780eacb28b5256bf4a711c2143816a3ac250af07ba6540e4139ba2de6ee798e3f2cbc4866b9369d91397b2b25
-
SSDEEP
49152:MVKb9+AynEAEokkYomvrvevULQVXltdtE/UlrWG:Zb9vLokkYvrveveQtTTeU
Malware Config
Signatures
-
Detect Neshta payload 1 IoCs
resource yara_rule sample family_neshta -
Neshta family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource SQLi Dumper_Cracked_By_Angeal.exe
Files
-
SQLi Dumper_Cracked_By_Angeal.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 3.1MB - Virtual size: 3.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ