Static task
static1
General
-
Target
Phulli
-
Size
521KB
-
MD5
920612ac244a18f29b8eefa994b82ebd
-
SHA1
c2650eff9709874d4875a41e9d40093f4fd08834
-
SHA256
3e23809c8f13fb823831bde5d531b635f25215d80694872ac0fc0fe32fccf34a
-
SHA512
803bf9fc942e662c5688d3be9ce64a7e8b69c8546ee67ef1256a07d0b552f699c0653550b5a8def989ecae22a9c4151f102dea026c71902763c2fb9bf3f60c71
-
SSDEEP
6144:lbS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnx9tWPenPF9:lQtqB5urTIoYWBQk1E+VF9mOx9GePF
Malware Config
Signatures
-
Nirsoft 1 IoCs
resource yara_rule sample Nirsoft -
NirSoft MailPassView 1 IoCs
Password recovery tool for various email clients
resource yara_rule sample MailPassView -
NirSoft WebBrowserPassView 1 IoCs
Password recovery tool for various web browsers
resource yara_rule sample WebBrowserPassView -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Phulli
Files
-
Phulli.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 506KB - Virtual size: 506KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 512B - Virtual size: 312B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ