phemedrone | 19b80e894146b941d7a1b47e5264dde0[.]bin | Triage

Sharing

General

Target

19b80e894146b941d7a1b47e5264dde0.bin
Size

38KB
MD5

2ec5f01c2e80c77c25d19889ea94c043
SHA1

54dea243c9069bec04f689ff93def0d58b7c1e15
SHA256

5eef40f849a33dd0af2ffa5af80750909c9c5eea5f60489e38b2d1c128fe5d62
SHA512

a3b13aa33393c7870a7118fced4631db73c4e798a279c176727abd304a8bf4fed7a55b44b4187fd0859df8c5726712cbc7f3cfbff1bc32e2e685a907e3e38309
SSDEEP

768:4R9Gt9L92bIjumbySDKVhZt63+69oSGl0Edo+ZsjLdZHWAh9+/A:19R2b45mSKJuoS4No6ERtWK96A

Score

10^/10

phemedrone

Malware Config

Signatures

Phemedrone family
phemedrone

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/a72d37979c90b5850bc50bd063a5da3bfeebea11b2ebecff85f35b7586433f38.exe

Files

19b80e894146b941d7a1b47e5264dde0.bin
.zip

Password: infected
a72d37979c90b5850bc50bd063a5da3bfeebea11b2ebecff85f35b7586433f38.exe
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ